Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snyk SBOM workflow add #6274

Merged
merged 2 commits into from
Jun 1, 2022
Merged

Snyk SBOM workflow add #6274

merged 2 commits into from
Jun 1, 2022

Conversation

SadFaceSmith
Copy link
Member

What this PR does / why we need it:
This PR adds a short GH Action to generate and upload SBOM reports via Snyk.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

FYSA @grafana/security-team

@SadFaceSmith SadFaceSmith requested a review from a team as a code owner May 31, 2022 12:49
@CLAassistant
Copy link

CLAassistant commented May 31, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

MasslessParticle
MasslessParticle reviewed May 31, 2022
View reviewed changes
.github/workflows/snyk.yml
args: --json --all-projects --json-file-output=${{ github.event.repository.name }}.json --strict-out-of-sync=false

- name: install snyk-to-html
run: |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I notice this task was run as part of the PR. This is a public CI, can a user do this to dump sensitive information?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MasslessParticle I would not think so, the secrets in the workflow are stored in the GitHub Org. Similar to the other workflows in this repo.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 It looks like Github actions does the right thing.

MasslessParticle
MasslessParticle approved these changes May 31, 2022
View reviewed changes
Copy link
Contributor

@MasslessParticle MasslessParticle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

kavirajk
kavirajk approved these changes Jun 1, 2022
View reviewed changes
Copy link
Contributor

@kavirajk kavirajk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. thanks @SadFaceSmith.

@grafanabot
Copy link
Collaborator

./tools/diff_coverage.sh ../loki-main/test_results.txt test_results.txt ingester,distributor,querier,querier/queryrange,iter,storage,chunkenc,logql,loki

Change in test coverage per package. Green indicates 0 or positive change, red indicates that test coverage for a package fell.

+           ingester	0%
+        distributor	0%
+            querier	0%
+ querier/queryrange	0%
+               iter	0%
+            storage	0%
+           chunkenc	0%
+              logql	0%
+               loki	0%

@kavirajk kavirajk merged commit f58a14f into main Jun 1, 2022
@kavirajk kavirajk deleted the snyk_workflow branch June 1, 2022 11:25
This was referenced Jun 28, 2022
Closed
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kavirajk kavirajk kavirajk approved these changes

@MasslessParticle MasslessParticle MasslessParticle approved these changes

Assignees
No one assigned
Labels
size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@SadFaceSmith @CLAassistant @grafanabot @MasslessParticle @kavirajk