Inspect source code for security issues #364

Merged
merged 7 commits into from
Feb 5, 2025

soumeh01
Collaborator

@soumeh01 soumeh01 commented Jan 29, 2025

Fixes

  • Go Security Checker Inspects source code for security problems

Checklist

  • 🤖 This change is covered by unit tests as required.
  • 🤹 All required manual testing has been performed.
  • 🛡️ Security impacts have been considered.
  • 📖 All documentation updates are complete.
  • 🧠 This change does not change third-party dependencies

Contributor

github-actions bot commented Jan 29, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
|---|---|---|
| actions/securego/gosec | e0cca6fe95306b7e7790d6f1bf6a7bec6d622459 | 🟢 6.6 |

Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 7 | Found 15/20 approved changesets -- score normalized to 7 |
| Maintained | 🟢 10 | 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| CII-Best-Practices | 🟢 5 | badge detected: Passing |
| License | 🟢 10 | license file detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | 🟢 8 | 5 out of the last 5 releases have a total of 5 signed artifacts. |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |

Scanned Files

  • .github/workflows/test.yml

@soumeh01 soumeh01 changed the title Ispect source code for security issues Inspect source code for security issues Jan 29, 2025
Contributor

github-actions bot commented Jan 29, 2025

Test Results

  4 files  ±0   52 suites  ±0   6s ⏱️ ±0s
243 tests ±0  243 ✅ ±0  0 💤 ±0  0 ❌ ±0 
972 runs  ±0  972 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit aecec8c. ± Comparison against base commit 347e141.

♻️ This comment has been updated with latest results.

@soumeh01 soumeh01 requested review from brondani and JonatanAntoni and removed request for brondani January 29, 2025 15:09
@soumeh01 soumeh01 marked this pull request as ready for review January 30, 2025 08:07
@soumeh01 soumeh01 requested a review from brondani February 3, 2025 09:13
codeclimate bot commented Feb 5, 2025

Code Climate has analyzed commit aecec8c and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 71.7% (0.0% change).

View more on Code Climate.

@soumeh01 soumeh01 merged commit 3a99ab9 into main Feb 5, 2025
13 checks passed
@soumeh01 soumeh01 deleted the security-scan branch February 5, 2025 12:55

2 participants