New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update security-scan.hcl #21739

Merged

sarahalsmiller merged 2 commits into main from Suppress-CVE-2024-8096

Sep 16, 2024

Member

sarahalsmiller commented Sep 16, 2024

Description

Prepare job is still failing despite suppression, attempting to add a line with the updated version

Testing & Reproduction steps

Links

PR Checklist

updated test coverage
external facing docs updated
appropriate backport labels added
not a security concern


          Update security-scan.hcl

8ac0e6c

sarahalsmiller requested a review from a team as a code owner

September 16, 2024 17:05

sarahalsmiller added backport/all pr/no-changelog labels

jm96441n approved these changes

View reviewed changes

Member

jm96441n left a comment

lgtm

sarahalsmiller enabled auto-merge (squash)

September 16, 2024 17:14


          Merge branch 'main' into Suppress-CVE-2024-8096

3f36a9e

zalimeni reviewed

View reviewed changes

.release/security-scan.hcl

@@ @@ -79,7 +79,8 @@ binary { @@
               		suppress {
               			# N.b. `vulnerabilites` is the correct spelling for this tool.
               			vulnerabilites = [
-              				"CVE-2024-8096", # curl@8.9.1-r0
+              				"CVE-2024-8096", # curl@8.9.1-r0,
+              				"CVE-2024-8096", # curl@8.9.1-r2,

Member

zalimeni Sep 16, 2024 •

edited

Loading

This comment is just informational for us to keep track of why we skipped the CVE - AFAIK it has no functional effect on scans. We might need to dig deeper into why scans are still failing 🤔

Contributor

dduzgun-security Sep 16, 2024

Should we have it only in one line since they are both for the same CVE?

"CVE-2024-8096", # curl@8.9.1-r0, curl@8.9.1-r2

sarahalsmiller merged commit 5a84cd1 into main

94 checks passed

sarahalsmiller deleted the Suppress-CVE-2024-8096 branch

September 16, 2024 17:42

hc-github-team-consul-core added backport/1.19 backport/ent/1.17 backport/ent/1.15 backport/ent/1.18 labels

hc-github-team-consul-core mentioned this pull request

Backport of Update security-scan.hcl into release/1.19.x #21743

Closed

4 tasks

Contributor

hc-github-team-consul-core commented Sep 17, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

1 similar comment

Contributor

hc-github-team-consul-core commented Sep 18, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

jmurret added backport/ent/1.17 backport/ent/1.15 and removed backport/ent/1.17 backport/ent/1.15 labels

Contributor

hc-github-team-consul-core commented Sep 19, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

6 similar comments

Contributor

hc-github-team-consul-core commented Sep 20, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Sep 21, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Sep 22, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Sep 23, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Sep 24, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Sep 25, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

dhiaayachi mentioned this pull request

Backport of Update security-scan.hcl into release/1.19.x dhiaayachi/consul#61

Open

4 tasks

Contributor

hc-github-team-consul-core commented Sep 26, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 4, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

10 similar comments

Contributor

hc-github-team-consul-core commented Oct 5, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 6, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 7, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 8, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 9, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 10, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 11, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 12, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 13, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

Contributor

hc-github-team-consul-core commented Oct 14, 2024

📣 Hi @sarahalsmiller! a backport is missing for this PR [21739] for versions [1.15,1.17,1.18,1.19] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

nathancoleman added backport/all and removed backport/ent/1.17 backport/ent/1.15 backport/all backport/1.19 backport/ent/1.18 labels

hc-github-team-consul-core added backport/1.19 backport/1.20 backport/ent/1.17 backport/ent/1.15 backport/ent/1.18 labels

This was referenced Oct 14, 2024

Backport of Update security-scan.hcl into release/1.19.x #21817

Draft

Backport of Update security-scan.hcl into release/1.20.x #21818

Closed

sarahalsmiller removed backport/1.20 backport/ent/1.17 backport/ent/1.15 backport/1.19 backport/ent/1.18 labels

nathancoleman removed the backport/all label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

pr/no-changelog