Skip to content

[NET-2420] security: add security scans on protected branches#433

Merged
zalimeni merged 1 commit intomainfrom
zalimeni/net-2420-align-k8s-dataplane-config
Feb 16, 2024
Merged

[NET-2420] security: add security scans on protected branches#433
zalimeni merged 1 commit intomainfrom
zalimeni/net-2420-align-k8s-dataplane-config

Conversation

@zalimeni
Copy link
Copy Markdown
Member

@zalimeni zalimeni commented Feb 14, 2024
edited
Loading

Changes proposed in this PR

See hashicorp/consul#19978 for similar changes in those repos, adapted here.

@zalimeni zalimeni added pr/no-changelog This PR does not introduce a user-facing change that should be reflected in the changelog backport/1.1 Changes are backported to 1.1 backport/1.2 backport/1.4 Changes are backported to 1.4 labels Feb 14, 2024
@zalimeni
security: add security scans on protected branches
add57af 
Enable proactive triage by scanning PRs and merges to protected
branches.

Add exceptions to test and local tooling submodules to improve signal
in security scans and simplify triage.

Also add docs and align config to `consul-k8s` (no functional changes)
for easier maintenance.

See hashicorp/consul#19978 for similar change in that repo, adapted
here.
@zalimeni zalimeni force-pushed the zalimeni/net-2420-align-k8s-dataplane-config branch from 032f59a to add57af Compare February 14, 2024 18:59
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Feb 14, 2024

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

1 similar comment
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Feb 14, 2024

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@zalimeni zalimeni marked this pull request as ready for review February 15, 2024 20:25
@zalimeni zalimeni requested a review from a team February 15, 2024 20:25
@zalimeni zalimeni requested a review from a team as a code owner February 15, 2024 20:25
@zalimeni zalimeni requested review from sarahethompson and shore and removed request for a team February 15, 2024 20:25
zalimeni
zalimeni commented Feb 15, 2024
View reviewed changes
Comment thread .github/workflows/security-scan.yml
Comment on lines +43 to +44
#TODO: replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
Copy link
Copy Markdown
Member Author

@zalimeni zalimeni Feb 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not blocking, but would align w/ the token used in core.

@zalimeni zalimeni merged commit 4c9327e into main Feb 16, 2024
@zalimeni zalimeni deleted the zalimeni/net-2420-align-k8s-dataplane-config branch February 16, 2024 16:07
This was referenced Feb 16, 2024
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@david-yu david-yu Awaiting requested review from david-yu

@johnlanda johnlanda Awaiting requested review from johnlanda

@shore shore Awaiting requested review from shore

@sarahethompson sarahethompson Awaiting requested review from sarahethompson

1 more reviewer

@wilkermichael wilkermichael wilkermichael approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport/1.1 Changes are backported to 1.1 backport/1.4 Changes are backported to 1.4 pr/no-changelog This PR does not introduce a user-facing change that should be reflected in the changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@zalimeni @github-advanced-security @wilkermichael