
Add Snyk scanning & monitoring #974

Closed
wants to merge 12 commits into from


ryan-wren
Contributor

@ryan-wren ryan-wren commented Jul 27, 2023

Checklist
=========

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have checked for similar issues and haven't found anything relevant.
  • This is not a security issue (which should be reported here: https://circleci.com/security/)
  • I have read Contribution Guidelines.

Internal Checklist

  • I am requesting a review from my own team as well as the owning team
  • I have a plan in place for the monitoring of the changes that I am making (this can include new monitors, logs to be aware of, etc...)

Changes
=======

  • Added vulnerability-scan job to the CircleCI config, to run Snyk scans

Rationale
=========

The Snyk scans should only create a snapshot during CI when the changes are on the main branch.

Considerations
==============

Why you made some of the technical decisions that you made, especially if the reasoning is not immediately obvious

Screenshots
===========

Before

Image or [gif](https://giphy.com/apps/giphycapture)

After

Image or gif where change can be clearly seen

Here are some helpful tips you can follow when submitting a pull request:

  1. Fork the repository and create your branch from main.
  2. Run make build in the repository root.
  3. If you've fixed a bug or added code that should be tested, add tests!
  4. Ensure the test suite passes (make test).
  5. The --debug flag is often helpful for debugging HTTP client requests and responses.
  6. Format your code with gofmt.
  7. Make sure your code lints (make lint). Note: This requires Docker to run inside a local job.

@ryan-wren ryan-wren requested a review from a team as a code owner July 27, 2023 16:10
@ryan-wren ryan-wren changed the title SECENG-891 Add Snyk scanning & monitoring Add Snyk scanning & monitoring Jul 27, 2023
@ryan-wren ryan-wren requested a review from vallieres July 27, 2023 17:32

@vallieres vallieres left a comment


Some changes but you are on the right track 😄

@vallieres

For testing purposes, I would switch the condition around the branch, to run a snyk monitor, and then go here:
https://app.snyk.io/org/circleci-public/projects?groupBy=targets&searchQuery=circleci-cli&sortBy=highest+severity&filters%5BShow%5D=&filters%5BIntegrations%5D=&before&after
and delete the newly created projects.

This way you can test it without merging to main.
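An added example, not the PR's own `.circleci/config.yml` (which the page does not reproduce), of a job that runs `snyk test` on every branch but creates a Snyk snapshot with `snyk monitor` only on main, so flipping the single branch comparison is enough to try the monitor step from a feature branch as suggested above. The Docker image, the context name that holds `SNYK_TOKEN`, and the severity threshold are assumptions.

```yaml
version: 2.1

jobs:
  vulnerability-scan:
    docker:
      # assumed image: Go toolchain plus npm for installing the Snyk CLI
      - image: cimg/go:1.20-node
    steps:
      - checkout
      - run:
          name: Install Snyk CLI
          command: npm install -g snyk
      - run:
          name: Test dependencies for known vulnerabilities
          # runs on every branch; a finding at or above the threshold fails the job
          command: snyk test --severity-threshold=high
      - run:
          name: Snapshot the project in Snyk (main only)
          # snyk monitor creates or updates a project in the Snyk UI, so it is
          # gated on the branch; CIRCLE_BRANCH is set by CircleCI for every job.
          # To test from a feature branch, change "=" to "!=" temporarily and
          # delete the created project afterwards.
          command: |
            if [ "$CIRCLE_BRANCH" = "main" ]; then
              snyk monitor --project-name=circleci-cli
            else
              echo "Skipping snyk monitor on branch $CIRCLE_BRANCH"
            fi

workflows:
  scan:
    jobs:
      - vulnerability-scan:
          # assumed context providing SNYK_TOKEN to the job
          context: snyk
```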

@ryan-wren ryan-wren force-pushed the SECENG-891-add-snyk-scanning-and-monitoring branch from 549d4c4 to 4e25bb4 Compare August 1, 2023 17:34
@ryan-wren ryan-wren requested a review from a team as a code owner August 1, 2023 17:34
@ryan-wren
Contributor Author

Messed up during git rebase 🤦🏾‍♂️ . I'll open a new PR with these changes.

@ryan-wren
Contributor Author

Closing this PR in favor of #978

@ryan-wren ryan-wren closed this Aug 1, 2023
@ryan-wren ryan-wren mentioned this pull request Aug 1, 2023