From f8ae030fce27f9a0b9f6d97122ad6054c1be7abc Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Wed, 21 Apr 2021 20:25:42 +0000
Subject: [PATCH 01/12] scan alerting
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 7 +++++++
 standalone-tools/vulnerability-scan/wss-scan.config | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index dd375e3d8c..21e3a09ec9 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
@@ -44,6 +44,13 @@ jobs:
 uses: actions/setup-go@v2
 with:
 go-version: ${{ matrix.go-version }}
+ - uses: actions/checkout@v1
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_MAVEN_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_MAVEN_SECRET_ACCESS_KEY }}
+ aws-region: us-west-2
 - name: Vulnerability Scan
 id: vulnerability_scan
 env:
diff --git a/standalone-tools/vulnerability-scan/wss-scan.config b/standalone-tools/vulnerability-scan/wss-scan.config
index 7ceb78c545..e5da2cc854 100644
--- a/standalone-tools/vulnerability-scan/wss-scan.config
+++ b/standalone-tools/vulnerability-scan/wss-scan.config
@@ -1,3 +1,3 @@
 baseDirPath=$(pwd)
 gitBasePath=https://github.com/opensearch-project/
-gitRepos=alerting,alerting-dashboards-plugin,anomaly-detection,anomaly-detection-dashboards-plugin,common-utils,dashboards-notebooks,dashboards-reports,dashboards-visualizations,data-prepper,index-management,index-management-dashboards-plugin,job-scheduler,k-NN,opensearch-cli,performance-analyzer,performance-analyzer-rca,perftop,sql,trace-analytics
+gitRepos=alerting
From 68ae77c29c1808e8e01ae891ea83ae7dc7fcae35 Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Wed, 21 Apr 2021 20:30:08 +0000
Subject: [PATCH 02/12] scan alerting
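Review bot: The AWS keys configured by the new `Configure AWS Credentials` step in PATCH 01/12 are exported to the job environment and stay readable by every later step, including `Vulnerability Scan`, which appears to fetch and build the repositories listed in `wss-scan.config`. Give the credentials only to the step that needs them (through that step's `env:`), or replace the long-lived `AWS_MAVEN_*` keys with a narrowly scoped role via `role-to-assume`. Both added actions are referenced by a mutable tag; pinning them as `uses: aws-actions/configure-aws-credentials@<full-commit-sha>` removes that moving part. The added `actions/checkout@v1` also looks redundant if the job already checks out the repository at the top of `steps:`, which this hunk does not show.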
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index 21e3a09ec9..22c570d65b 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
@@ -5,6 +5,8 @@ on:
 - cron: '30 10 * * *'
 repository_dispatch:
 types: [check-vulnerability-whitesource]
+ push:
+ branches: [sreekarj_wss]
 jobs:
 Provision-Runners:
From 9f41434ee6f9c62e187c8f789727ee3edcc19715 Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Wed, 21 Apr 2021 20:44:58 +0000
Subject: [PATCH 03/12] scan alerting
Signed-off-by: sreekarjami
---
 standalone-tools/vulnerability-scan/wss-scan.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/standalone-tools/vulnerability-scan/wss-scan.config b/standalone-tools/vulnerability-scan/wss-scan.config
index e5da2cc854..30d7e64d2f 100644
--- a/standalone-tools/vulnerability-scan/wss-scan.config
+++ b/standalone-tools/vulnerability-scan/wss-scan.config
@@ -1,3 +1,3 @@
 baseDirPath=$(pwd)
 gitBasePath=https://github.com/opensearch-project/
-gitRepos=alerting
+gitRepos=alerting,alerting-dashboards-plugin,anomaly-detection,anomaly-detection-dashboards-plugin,asynchronous-search,common-utils,dashboards-notebooks,dashboards-reports,dashboards-visualizations,data-prepper,index-management,index-management-dashboards-plugin,job-scheduler,k-NN,opensearch-cli,performance-analyzer,performance-analyzer-rca,perftop,security,security-dashboards-plugin,sql,trace-analytics
From 17a604a16e3121cd1bf68664c472a1dc7a447aab Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Wed, 21 Apr 2021 23:53:35 +0000
Subject: [PATCH 04/12] scan all opensearch plugins
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 2 ++
 1 file changed, 2 insertions(+)
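Review bot: The `push` trigger on the personal branch `sreekarj_wss` added in PATCH 02/12 reads as a debugging aid, and it makes every push to that branch start a workflow that provisions runners and, per PATCH 01/12, loads AWS secrets. It should not reach the default branch. For on-demand test runs, `workflow_dispatch:` under `on:` gives the same ability without tying the workflow to a branch name.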
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index 22c570d65b..199f553113 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
@@ -71,6 +71,8 @@ jobs:
 sudo yum install yarn -y
 export PATH=$PATH:/opt/gradle/gradle-6.7/bin
 gradle -v; mvn -v ; npm -v; yarn -v
+ git clone git@github.com:opensearch-project/OpenSearch.git
+ OpenSearch/gradlew publishToMavenLocal
 ./wss-scan.sh
 echo ::set-output name=mail_content::$(cat output.md)
 cat whitesource/*/*
From eddd41968e1d1d162417ee5bd8e92c611c756240 Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Thu, 22 Apr 2021 00:03:11 +0000
Subject: [PATCH 05/12] scan all opensearch plugins
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index 199f553113..4802fa4e1f 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
@@ -71,7 +71,7 @@ jobs:
 sudo yum install yarn -y
 export PATH=$PATH:/opt/gradle/gradle-6.7/bin
 gradle -v; mvn -v ; npm -v; yarn -v
- git clone git@github.com:opensearch-project/OpenSearch.git
+ git clone https://github.com/opensearch-project/OpenSearch.git
 OpenSearch/gradlew publishToMavenLocal
 ./wss-scan.sh
 echo ::set-output name=mail_content::$(cat output.md)
From a5f77a05136a06214e6199621231edfcdca3c5f9 Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Thu, 22 Apr 2021 00:15:45 +0000
Subject: [PATCH 06/12] scan all plugins
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
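Review bot: The clone added in PATCH 04/12 takes whatever is on the default branch of OpenSearch at run time and then executes its build, in a job that PATCH 01/12 gives AWS credentials, so each scheduled run trusts an unreviewed revision. Pin the checkout to a reviewed ref, for example `git clone --depth 1 --branch <reviewed-tag-or-branch> https://github.com/opensearch-project/OpenSearch.git`. The SSH form `git@github.com:...` also needs a key on the runner that nothing in this hunk sets up (PATCH 05/12 switches it to HTTPS). `OpenSearch/gradlew publishToMavenLocal` is started from the parent directory, so Gradle will most likely look for the project there; `(cd OpenSearch && ./gradlew publishToMavenLocal)` runs it in the clone and leaves the working directory unchanged for `./wss-scan.sh`.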
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index 4802fa4e1f..d0bca48a65 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
@@ -72,7 +72,8 @@ jobs:
 export PATH=$PATH:/opt/gradle/gradle-6.7/bin
 gradle -v; mvn -v ; npm -v; yarn -v
 git clone https://github.com/opensearch-project/OpenSearch.git
- OpenSearch/gradlew publishToMavenLocal
+ cd OpenSearch
+ gradle publishToMavenLocal; cd ..
 ./wss-scan.sh
 echo ::set-output name=mail_content::$(cat output.md)
 cat whitesource/*/*
From 2373140b751ae337f4ccbb0ac70644307b8ad330 Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Thu, 22 Apr 2021 15:37:33 +0000
Subject: [PATCH 07/12] scan all repos
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index d0bca48a65..5547779e22 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
@@ -71,9 +71,9 @@ jobs:
 sudo yum install yarn -y
 export PATH=$PATH:/opt/gradle/gradle-6.7/bin
 gradle -v; mvn -v ; npm -v; yarn -v
- git clone https://github.com/opensearch-project/OpenSearch.git
- cd OpenSearch
- gradle publishToMavenLocal; cd ..
+ #git clone https://github.com/opensearch-project/OpenSearch.git
+ #cd OpenSearch
+ #gradle publishToMavenLocal; cd ..
 ./wss-scan.sh
 echo ::set-output name=mail_content::$(cat output.md)
 cat whitesource/*/*
From 15cffa1c569f449f9ed44ac608364b844768105f Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Thu, 22 Apr 2021 17:36:42 +0000
Subject: [PATCH 08/12] scan all repos
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
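Review bot: Replacing `OpenSearch/gradlew` with the runner's own `gradle` in PATCH 06/12 (6.7, going by the `PATH` line above it) drops the Gradle version that the OpenSearch wrapper pins, so the publish can break or behave differently once upstream moves its wrapper. The `cd OpenSearch` … `cd ..` pair also depends on every command in between succeeding; the step's shell options are not visible in this hunk, so a failed `cd` may leave `./wss-scan.sh` running from the wrong directory. A subshell covers both points: `(cd OpenSearch && ./gradlew publishToMavenLocal)`. The same three lines are commented out in PATCH 07/12 and restored unchanged in PATCH 08/12.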
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index 5547779e22..000d0a1d17 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
@@ -34,7 +34,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- java: [11]
+ java: [14]
 go-version: [1.14]
 steps:
 - uses: actions/checkout@v1
@@ -71,9 +71,9 @@ jobs:
 sudo yum install yarn -y
 export PATH=$PATH:/opt/gradle/gradle-6.7/bin
 gradle -v; mvn -v ; npm -v; yarn -v
- #git clone https://github.com/opensearch-project/OpenSearch.git
- #cd OpenSearch
- #gradle publishToMavenLocal; cd ..
+ git clone https://github.com/opensearch-project/OpenSearch.git
+ cd OpenSearch
+ gradle publishToMavenLocal; cd ..
 ./wss-scan.sh
 echo ::set-output name=mail_content::$(cat output.md)
 cat whitesource/*/*
From c114fbcf86f16df85422a3d0b0a9241d7d807c51 Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Thu, 22 Apr 2021 19:58:54 +0000
Subject: [PATCH 09/12] add step to publish to local maven
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index 000d0a1d17..52c71b3a13 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
@@ -5,8 +5,6 @@ on:
 - cron: '30 10 * * *'
 repository_dispatch:
 types: [check-vulnerability-whitesource]
- push:
- branches: [sreekarj_wss]
 jobs:
 Provision-Runners:
From cef112bc5940c1fc4e98b8fff7911d28509159ef Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Thu, 22 Apr 2021 20:11:19 +0000
Subject: [PATCH 10/12] add step to publish to local maven
Signed-off-by: sreekarjami
---
 standalone-tools/vulnerability-scan/wss-scan.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/standalone-tools/vulnerability-scan/wss-scan.config b/standalone-tools/vulnerability-scan/wss-scan.config
index 30d7e64d2f..7ceb78c545 100644
--- a/standalone-tools/vulnerability-scan/wss-scan.config
+++ b/standalone-tools/vulnerability-scan/wss-scan.config
@@ -1,3 +1,3 @@
 baseDirPath=$(pwd)
 gitBasePath=https://github.com/opensearch-project/
-gitRepos=alerting,alerting-dashboards-plugin,anomaly-detection,anomaly-detection-dashboards-plugin,asynchronous-search,common-utils,dashboards-notebooks,dashboards-reports,dashboards-visualizations,data-prepper,index-management,index-management-dashboards-plugin,job-scheduler,k-NN,opensearch-cli,performance-analyzer,performance-analyzer-rca,perftop,security,security-dashboards-plugin,sql,trace-analytics
+gitRepos=alerting,alerting-dashboards-plugin,anomaly-detection,anomaly-detection-dashboards-plugin,common-utils,dashboards-notebooks,dashboards-reports,dashboards-visualizations,data-prepper,index-management,index-management-dashboards-plugin,job-scheduler,k-NN,opensearch-cli,performance-analyzer,performance-analyzer-rca,perftop,sql,trace-analytics
From 6ba8325581f3d010ad9d825a4f4aa970b39ce465 Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Thu, 22 Apr 2021 20:18:57 +0000
Subject: [PATCH 11/12] add comments in the workflow
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index 52c71b3a13..74d98fb9c2 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
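Review bot: The new `gitRepos` value in PATCH 10/12 drops `asynchronous-search`, `security` and `security-dashboards-plugin`, which PATCH 03/12 had added to the scan list, and the subject line ("add step to publish to local maven") does not mention it. If the removal is deliberate, the commit message should say why; otherwise those three repositories, two of them the security plugin itself, silently go unscanned by the scheduled job. Because the whole list sits on one line, the change is easy to miss in review.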
@@ -69,6 +69,8 @@ jobs:
 sudo yum install yarn -y
 export PATH=$PATH:/opt/gradle/gradle-6.7/bin
 gradle -v; mvn -v ; npm -v; yarn -v
+ # This step is needed to avoid build failures in few plugins
+ # No ETA on when this depedency can be removed
 git clone https://github.com/opensearch-project/OpenSearch.git
 cd OpenSearch
 gradle publishToMavenLocal; cd ..
From 50836e3049805dca3bbc4423451540466f4bd36e Mon Sep 17 00:00:00 2001
From: sreekarjami
Date: Thu, 22 Apr 2021 20:23:49 +0000
Subject: [PATCH 12/12] add comments in the workflow
Signed-off-by: sreekarjami
---
 .github/workflows/check-vulnerability-whitesource.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/check-vulnerability-whitesource.yml b/.github/workflows/check-vulnerability-whitesource.yml
index 74d98fb9c2..dab134bdec 100644
--- a/.github/workflows/check-vulnerability-whitesource.yml
+++ b/.github/workflows/check-vulnerability-whitesource.yml
@@ -70,7 +70,7 @@ jobs:
 export PATH=$PATH:/opt/gradle/gradle-6.7/bin
 gradle -v; mvn -v ; npm -v; yarn -v
 # This step is needed to avoid build failures in few plugins
- # No ETA on when this depedency can be removed
+ # No ETA on when this dependency can be removed
 git clone https://github.com/opensearch-project/OpenSearch.git
 cd OpenSearch
 gradle publishToMavenLocal; cd ..
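Review bot: The comment added in PATCH 11/12 does not say which plugins fail without the local publish or where the dependency is tracked, so nobody can tell later when the clone-and-build of OpenSearch inside a credentialed job can be removed. Naming the affected plugins and linking the tracking item would fix that, for example `# Needed by <plugin names>: they resolve OpenSearch artifacts from the local Maven repo; remove once <tracking-issue-url> is closed`. The run script continues past the end of this hunk.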