-
Notifications
You must be signed in to change notification settings - Fork 126
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* added security scan to ci and release pipelines * added SECURITY.md file * moved from mockery to gomock library
- Loading branch information
1 parent
0f98783
commit 1f80aa9
Showing
45 changed files
with
5,548 additions
and
9,413 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -102,6 +102,7 @@ $(OUT_DIR)/$(CLI_NAME).image: $(CLI_SRCS) | |
|
||
.PHONY: lint | ||
lint: $(GOBIN)/golangci-lint tidy | ||
@golangci-lint version | ||
@echo linting go code... | ||
@golangci-lint run --fix --timeout 6m | ||
|
||
|
@@ -110,7 +111,7 @@ test: | |
./hack/test.sh | ||
|
||
.PHONY: codegen | ||
codegen: $(GOBIN)/mockery | ||
codegen: $(GOBIN)/mockgen | ||
rm -f docs/commands/* | ||
go generate ./... | ||
|
||
|
@@ -149,25 +150,11 @@ tidy: | |
check-worktree: | ||
@./hack/check_worktree.sh | ||
|
||
$(GOBIN)/mockery: | ||
@mkdir dist || true | ||
@echo installing: mockery | ||
@curl -L -o dist/mockery.tar.gz -- https://github.com/vektra/mockery/releases/download/v2.8.0/mockery_2.8.0_$(shell uname -s)_$(shell uname -m).tar.gz | ||
@tar zxvf dist/mockery.tar.gz mockery | ||
@rm dist/mockery.tar.gz | ||
@chmod +x mockery | ||
@mkdir -p $(GOBIN) | ||
@mv mockery $(GOBIN)/mockery | ||
@mockery --version | ||
$(GOBIN)/mockgen: | ||
@go install github.com/golang/mock/[email protected] | ||
@mockgen -version | ||
|
||
$(GOBIN)/golangci-lint: | ||
@mkdir dist || true | ||
@echo installing: golangci-lint | ||
@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.36.0 | ||
|
||
$(GOBIN)/interfacer: cwd=$(shell pwd) | ||
$(GOBIN)/interfacer: | ||
@cd /tmp | ||
@echo installing: interfacer | ||
@GO111MODULE=on go get -v github.com/rjeczalik/interfaces/cmd/[email protected] | ||
@cd ${cwd} | ||
@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.45.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# Security Policy for Argo-CD Autopilot | ||
|
||
## Preface | ||
|
||
Argo-CD Autopilot is a tool that helps users to get an opinionated gitops | ||
repository and bootstrapped Argo-CD installation. To achieve its goals | ||
Argo-CD Autopilot requires access to the Kubernetes cluster you want to | ||
install Argo-CD on and optionally to other Kubernetes clusters you want | ||
to connect to the Argo-CD instance as target clusters for deployments. | ||
|
||
Because Argo-CD Autopilot is a gitops tool it also requires access to | ||
your git repositories. Currently it requires pull and push access to | ||
your gitops repo (permission to create repositories is also required | ||
if you want to also create the repository as part of the bootstrapping | ||
process). Though, there are [plans](https://github.com/argoproj-labs/argocd-autopilot/issues/51) | ||
to have an optional <i>local</i> mode of operation where the user can | ||
tell Argo-CD Autopilot to make changes to a local copy of the repo, | ||
making the git repository access completely optional. | ||
|
||
## Security Scans | ||
|
||
We use the following static code analysis tools: | ||
|
||
* golangci-lint and tslint for compile time linting | ||
* snyk.io - for image scanning | ||
|
||
These are run on each pull request and before each release. | ||
|
||
Additionally, Dependabot is configured to scan and report new security | ||
vulnerabilities in our dependancy tree on a daily basis. | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you find a security related bug in Argo-CD Autopilot, we kindly ask you | ||
for responsible disclosure and for giving us appropriate time to react, | ||
analyze and develop a fix to mitigate the found security vulnerability. | ||
|
||
Please report vulnerabilities by e-mail to the following address: | ||
|
||
* [email protected] | ||
|
||
All vulnerabilities and associated information will be treated with full confidentiality. | ||
|
||
## Public Disclosure | ||
|
||
Security vulnerabilities will be disclosed via release notes and using the | ||
[GitHub Security Advisories](https://github.com/argoproj-labs/argocd-autopilot/security/advisories) | ||
feature to keep our community well informed, and will credit you for your findings (unless you prefer to stay anonymous, of course). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.