
Conversation

@teodora-sandu
Contributor

Before we can open source the repo we need to update the security scanning quality gates to use the prodsec-orb.

The only actual change is that we only monitor on main and only gate on the branch, which the orb takes care of for us.

@teodora-sandu teodora-sandu requested a review from a team as a code owner March 11, 2024 16:08
Contributor

@bastiandoetsch bastiandoetsch left a comment


There's also a prodsec reusable action: https://github.com/snyk/prodsec-orb/tree/main/.github/workflows. It's not as complete as circleci though. But it is worth considering building everything in circleci anyway.

orbs:
snyk: snyk/snyk@1.2.3
prodsec: snyk/prodsec-orb@1.0
prodsec: snyk/prodsec-orb@1.1
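Review bot: the two `prodsec:` lines in this hunk pin the orb to a minor release (`@1.0` becoming `@1.1`) while the neighbouring `snyk: snyk/snyk@1.2.3` is pinned to an exact patch version, so the `orbs:` block now mixes two pinning policies; pick one and apply it to both entries, either an exact version for reproducible builds or a major-only pin such as `prodsec: snyk/prodsec-orb@1` so fixes within the 1.x line are picked up without a config change, and state the chosen policy in the PR description.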
Contributor


Better to use @1 instead of the minor release. The minor release had problems in some of our repos.

@teodora-sandu teodora-sandu force-pushed the chore/prodsec-security-scanning branch from 8dc5ec7 to 23a2061 Compare March 11, 2024 16:29
@teodora-sandu
Contributor Author

There's also a prodsec reusable action: https://github.com/snyk/prodsec-orb/tree/main/.github/workflows.

I did not know that but my understanding is that this orb is going to be the recommended way of doing security scans soon: https://snyksec.atlassian.net/wiki/spaces/PRODSEC/pages/1752629272?atlOrigin=eyJpIjoiNDkzNmZiZDg3MGQ0NGU3ZTk2ZDNjNzNmM2ZlZGE3OTIiLCJwIjoiY29uZmx1ZW5jZS1jaGF0cy1pbnQifQ

@teodora-sandu teodora-sandu merged commit 3e84fc5 into main Mar 11, 2024
@teodora-sandu teodora-sandu deleted the chore/prodsec-security-scanning branch March 11, 2024 16:38
4 participants