Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce gosec for Static Application Security Testing (SAST) #34

Merged
merged 7 commits into from
Dec 19, 2024
Merged

Introduce gosec for Static Application Security Testing (SAST) #34

merged 7 commits into from
Dec 19, 2024

Conversation

shreyas-s-rao
Copy link
Contributor

How to categorize this PR?

/area security
/kind enhancement

What this PR does / why we need it:
Introduce gosec for Static Application Security Testing (SAST) for etcd-wrapper.

Which issue(s) this PR fixes:
Fixes #33

Special notes for your reviewer:
/invite @ashwani2k

Release note:

Introduce `gosec` for Static Application Security Testing (SAST) via `make sast` and `make sast-report`.

@shreyas-s-rao shreyas-s-rao added this to the v0.4.0 milestone Dec 17, 2024
@shreyas-s-rao shreyas-s-rao requested a review from a team as a code owner December 17, 2024 07:32
@gardener-robot gardener-robot added the needs/review Needs review label Dec 17, 2024
@gardener-robot gardener-robot added area/security Security related kind/enhancement Enhancement, improvement, extension size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) labels Dec 17, 2024
@shreyas-s-rao shreyas-s-rao added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 17, 2024
@gardener-robot-ci-2 gardener-robot-ci-2 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Dec 17, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 17, 2024
@gardener-robot-ci-2 gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 17, 2024
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 17, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 17, 2024
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 17, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 17, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Dec 17, 2024
@shreyas-s-rao
Copy link
Contributor Author

@oliver-goetz can you please let me know if this is the correct way of enabling the gosec-based SAST linting and including the linting logs as part of the OCM descriptor in the .ci/pipeline_definitions definition?

ccwienk
ccwienk reviewed Dec 18, 2024
View reviewed changes
Copy link
Member

@ccwienk ccwienk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm (w.r.t. pipeline-definitions)

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review labels Dec 18, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 18, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 19, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Dec 19, 2024
ishan16696
ishan16696 approved these changes Dec 19, 2024
View reviewed changes
Copy link
Member

@ishan16696 ishan16696 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for PR @shreyas-s-rao
LGTM

@shreyas-s-rao shreyas-s-rao merged commit ff1417e into gardener:main Dec 19, 2024
8 checks passed
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Dec 19, 2024
@shreyas-s-rao shreyas-s-rao deleted the gosec-sast branch December 19, 2024 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ccwienk ccwienk ccwienk left review comments

@ishan16696 ishan16696 ishan16696 approved these changes

@ashwani2k ashwani2k ashwani2k approved these changes

Assignees
No one assigned
Labels
area/security Security related kind/enhancement Enhancement, improvement, extension needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) status/closed Issue is closed (either delivered or triaged)
Projects
None yet
Milestone
v0.4.0
Development

Successfully merging this pull request may close these issues.

Introduce gosec for Static Application Security Testing (SAST) for etcd-wrapper
8 participants
@shreyas-s-rao @ashwani2k @ccwienk @ishan16696 @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot