Adds checking env variable for github actions for 6.x #237

Merged 2 commits on Feb 2, 2024

cerrussell
Collaborator

Changes

  • Add checking of an environment variable for use with the AppThreat/dep-scan-action. User will have to run action with the value "I have sponsored OWASP-dep-scan.".
  • Updated workflow actions.

@cerrussell cerrussell force-pushed the depscan-action-req-sponsor branch 2 times, most recently from a490d3b to 6d0b7d4 Compare February 1, 2024 17:51
Member

@prabhu prabhu left a comment

This is good. But initially let's use the 5.x for the action

depscan/cli.py (outdated, resolved)
@cerrussell
Collaborator Author

cerrussell commented Feb 1, 2024

This is good. But initially let's use the 5.x for the action

@prabhu I didn't see this and already squashed the PR that would change this in dep-scan-action. However, I changed it now - hopefully no issues as that is not what I tested.

@cerrussell cerrussell changed the base branch from release/6.x to release/5.x February 1, 2024 22:09
@cerrussell cerrussell changed the base branch from release/5.x to release/6.x February 1, 2024 22:15
@cerrussell cerrussell force-pushed the depscan-action-req-sponsor branch 2 times, most recently from cbfe8d1 to 29dc666 Compare February 1, 2024 22:29
Signed-off-by: Caroline Russell <caroline@appthreat.dev>
Signed-off-by: Caroline Russell <caroline@appthreat.dev>
@cerrussell cerrussell changed the title Adds checking env variable for github actions. Adds checking env variable for github actions for 6.x Feb 2, 2024
@cerrussell cerrussell merged commit ea23975 into release/6.x Feb 2, 2024
25 checks passed
@cerrussell cerrussell deleted the depscan-action-req-sponsor branch February 2, 2024 16:30
prabhu added a commit that referenced this pull request Feb 29, 2024
* Clarify bounty targets in insights (#220)

* Clarify bounty targets in insights

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update pyproject.toml

Signed-off-by: prabhu <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: prabhu <prabhu@appthreat.com>

* Do not cancel action runs (#228)

* Do not cancel action runs

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Reduce duplicate runs

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update java version (#229)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Fix oras-py version

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Publish release images

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Fixes #233 in v6 (#235)

* Fixes #233 in v6

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Let's drop support for > 3.10

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Check sponsorship for github actions, update workflows (#237)

* Update workflow actions.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* Check for sponsorship when using the depscan action on GitHub.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

---------

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* Fix AttributeError raised when env variable not present.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* Switch to tar xz version for v6 (#240)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Expand the scope of npm alias to search for vendor with the name npm (#243)

* Expand the scope of npm alias to search for vendor with the name npm

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Lint fixes

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Improves sub-tree display (#244)

* Improves sub-tree display

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Try using the default vdb home

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Trim CI. Fixes a CSAF error (#251)

* Fixes #248 in v6

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Fixes #248 in v6

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Support for gem with platform name in the version number (#253)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Corrects scenario where no src_dir is set - 6.x (#246)

* Corrects scenario where no src_dir is set.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* Bugfix for NoneType.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* Bugfix in process_suggestions.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

---------

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* Use nodejs 20 LTS (#255)

* Use nodejs 20 LTS

Signed-off-by: prabhu <prabhu@appthreat.com>

* Print node version

Signed-off-by: prabhu <prabhu@appthreat.com>

---------

Signed-off-by: prabhu <prabhu@appthreat.com>

* fix KeyError in purl and version (#261)

ignore components without purl and version

* PR# 263 for v6 (#264)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Added more alias for js audit (#268)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: prabhu <prabhu@appthreat.com>
Signed-off-by: Caroline Russell <caroline@appthreat.dev>
Co-authored-by: Caroline Russell <caroline@appthreat.dev>
Co-authored-by: almaz045 <63047433+almaz045@users.noreply.github.com>