Inspect source code for security issues #256

Merged
merged 1 commit into from
Jan 31, 2025

soumeh01 (Collaborator) commented Jan 30, 2025

Fixes

  • Inspect source code for security issues

Checklist

  • 🤖 This change is covered by unit tests as required.
  • 🤹 All required manual testing has been performed.
  • 🛡️ Security impacts have been considered.
  • 📖 All documentation updates are complete.
  • 🧠 This change does not change third-party dependencies

Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score | Details |
|---|---|---|---|
| actions/securego/gosec | e0cca6fe95306b7e7790d6f1bf6a7bec6d622459 | 🟢 6.6 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | 🟢 10 | 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | 🟢 7 | Found 15/21 approved changesets -- score normalized to 7 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| License | 🟢 10 | license file detected |
| CII-Best-Practices | 🟢 5 | badge detected: Passing |
| Signed-Releases | 🟢 8 | 5 out of the last 5 releases have a total of 5 signed artifacts. |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |

Scanned Files

  • .github/workflows/test.yml

Contributor

Test Results

  4 files ±0   20 suites ±0   2s ⏱️ ±0s
 74 tests ±0   74 ✅ ±0  0 💤 ±0  0 ❌ ±0
296 runs ±0  296 ✅ ±0  0 💤 ±0  0 ❌ ±0

Results for commit 7ae9471. ± Comparison against base commit 7c0f3f0.


codeclimate bot commented Jan 30, 2025

Code Climate has analyzed commit 7ae9471 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 88.0% (0.0% change).

View more on Code Climate.

soumeh01 marked this pull request as ready for review January 31, 2025 12:50
soumeh01 requested review from brondani January 31, 2025 12:50
soumeh01 merged commit 00f1ab9 into main Jan 31, 2025
13 checks passed