
[NET-2420] security: add security scans on protected branches #433

Merged (1 commit) on Feb 16, 2024

Conversation

@zalimeni (Member) commented Feb 14, 2024

Changes proposed in this PR

See hashicorp/consul#19978 for similar changes in those repos, adapted here.

@zalimeni added labels on Feb 14, 2024: pr/no-changelog (This PR does not introduce a user-facing change that should be reflected in the changelog), backport/1.1 (Changes are backported to 1.1), backport/1.2, backport/1.4 (Changes are backported to 1.4)
Enable proactive triage by scanning PRs and merges to protected
branches.

Add exceptions to test and local tooling submodules to improve signal
in security scans and simplify triage.

Also add docs and align config to `consul-k8s` (no functional changes)
for easier maintenance.

See hashicorp/consul#19978 for similar change in that repo, adapted
here.
@zalimeni force-pushed the zalimeni/net-2420-align-k8s-dataplane-config branch from 032f59a to add57af on February 14, 2024 18:59

@github-advanced-security commented:

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.


@zalimeni zalimeni marked this pull request as ready for review February 15, 2024 20:25
@zalimeni zalimeni requested a review from a team February 15, 2024 20:25
@zalimeni zalimeni requested a review from a team as a code owner February 15, 2024 20:25
@zalimeni zalimeni requested review from shore and sarahethompson and removed request for a team February 15, 2024 20:25
Comment on lines +43 to +44
#TODO: replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
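Review bot: the TODO on line +43 leaves `token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}` wired into the scan with no tracking reference or owner, so the interim elevated credential can easily outlive its purpose; suggest adding the provisioning ticket to the comment and noting which scopes the scan actually needs, so the later swap to HASHIBOT_PRODSEC_GITHUB_TOKEN can be checked as a least-privilege replacement rather than a plain rename.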
@zalimeni (Member, Author) commented:

Not blocking, but would align w/ the token used in core.

Labels
backport/1.1 (Changes are backported to 1.1), backport/1.4 (Changes are backported to 1.4), pr/no-changelog (This PR does not introduce a user-facing change that should be reflected in the changelog)
2 participants