From 4a8b12eec7ec9fd75608f2c8dc3413c8260209c5 Mon Sep 17 00:00:00 2001
From: cypresschris
Date: Wed, 22 Mar 2023 11:58:45 -0500
Subject: [PATCH 1/3] SEC-507 MAINT: Snyk Action maint updates

---
 .github/workflows/snyk_sca_scan.yaml | 2 +-
 .github/workflows/snyk_static_analysis_scan.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/snyk_sca_scan.yaml b/.github/workflows/snyk_sca_scan.yaml
index 8cf11078..58b5f780 100644
--- a/.github/workflows/snyk_sca_scan.yaml
+++ b/.github/workflows/snyk_sca_scan.yaml
@@ -25,4 +25,4 @@ jobs:
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
 with:
- args: --debug --strict-out-of-sync=false --detection-depth=6 --exclude=docker,Dockerfile --severity-threshold=critical
\ No newline at end of file
+ args: --debug --all-projects --strict-out-of-sync=false --detection-depth=6 --exclude=docker,Dockerfile --severity-threshold=critical
\ No newline at end of file
diff --git a/.github/workflows/snyk_static_analysis_scan.yaml b/.github/workflows/snyk_static_analysis_scan.yaml
index 5b275aab..c318fbfd 100644
--- a/.github/workflows/snyk_static_analysis_scan.yaml
+++ b/.github/workflows/snyk_static_analysis_scan.yaml
@@ -19,4 +19,4 @@ jobs:
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
 continue-on-error: true
- run: snyk code test --strict-out-of-sync=false --detection-depth=6 --exclude=docker,Dockerfile --severity-threshold=high
+ run: snyk code test --all-projects --strict-out-of-sync=false --detection-depth=6 --exclude=docker,Dockerfile --severity-threshold=high

From a5c486e2ede28841ba1119da19e871bbbf01ea55 Mon Sep 17 00:00:00 2001
From: cypresschris
Date: Wed, 22 Mar 2023 12:06:06 -0500
Subject: [PATCH 2/3] SEC-507 MAINT: remove push event from action

---
 .github/workflows/snyk_sca_scan.yaml | 3 ---
 .github/workflows/snyk_static_analysis_scan.yaml | 3 ---
 2 files changed, 6 deletions(-)
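Review bot: `--strict-out-of-sync=false` on the new `args` line tells Snyk to carry on when a manifest and its lockfile disagree, so the dependency graph it reports may not be the one actually resolved at install time; unless the repo knowingly carries drifted lockfiles, the safer CI gate is the default strict mode, i.e. `args: --all-projects --detection-depth=6 --exclude=docker,Dockerfile --severity-threshold=critical`, with the drift fixed in the lockfile instead. The step's `uses:` line sits above the hunk; since this step is handed `secrets.SNYK_API_TOKEN`, confirm the Snyk action is pinned to a full commit SHA rather than a mutable tag so a compromised tag cannot read the token. The file also ends without a trailing newline on both sides of the hunk, which is worth fixing while the line is being touched.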
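Review bot: `continue-on-error: true` on the context line directly above the changed `run:` means a non-zero exit from `snyk code test` never fails the job, so `--severity-threshold=high` only filters what lands in the log and does not gate the pull request; if the scan is meant to block merges, drop `continue-on-error: true` or replace it with an explicit triage/upload step that decides the outcome. `--all-projects`, `--detection-depth`, `--strict-out-of-sync` and `--exclude` are documented for `snyk test` (dependency scanning); unless the Snyk CLI docs for the version this job installs confirm that `snyk code test` honours them, they may be ignored or rejected and should be removed so the command says what it does, `run: snyk code test --severity-threshold=high`. The step that installs the `snyk` CLI is outside the hunk; check that it pins a CLI version rather than pulling latest.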
diff --git a/.github/workflows/snyk_sca_scan.yaml b/.github/workflows/snyk_sca_scan.yaml
index 58b5f780..6783ebb9 100644
--- a/.github/workflows/snyk_sca_scan.yaml
+++ b/.github/workflows/snyk_sca_scan.yaml
@@ -1,8 +1,5 @@
 name: Snyk Software Composition Analysis Scan
 on:
- push:
- branches:
- - '*'
 pull_request:
 branches:
 - master
diff --git a/.github/workflows/snyk_static_analysis_scan.yaml b/.github/workflows/snyk_static_analysis_scan.yaml
index c318fbfd..6830bf60 100644
--- a/.github/workflows/snyk_static_analysis_scan.yaml
+++ b/.github/workflows/snyk_static_analysis_scan.yaml
@@ -2,9 +2,6 @@ name: Snyk Static Analysis Scan
 # This SAST (Static Application Security Testing) scan is used to scan
 # our first-party code for security vulnerabilities
 on:
- push:
- branches:
- - '*'
 pull_request:
 branches:
 - master

From 9f07e8e0df9d89ef5a909f657f21dfce4ed90cc1 Mon Sep 17 00:00:00 2001
From: cypresschris
Date: Wed, 22 Mar 2023 12:09:42 -0500
Subject: [PATCH 3/3] SEC-507 MAINT: validated fix disabling debug flag

---
 .github/workflows/snyk_sca_scan.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/snyk_sca_scan.yaml b/.github/workflows/snyk_sca_scan.yaml
index 6783ebb9..25e77d94 100644
--- a/.github/workflows/snyk_sca_scan.yaml
+++ b/.github/workflows/snyk_sca_scan.yaml
@@ -22,4 +22,4 @@ jobs:
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
 with:
- args: --debug --all-projects --strict-out-of-sync=false --detection-depth=6 --exclude=docker,Dockerfile --severity-threshold=critical
\ No newline at end of file
+ args: --all-projects --strict-out-of-sync=false --detection-depth=6 --exclude=docker,Dockerfile --severity-threshold=critical
\ No newline at end of file
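Review bot: Nothing re-scans `master` between pull requests once `pull_request` is the only trigger left visible in this hunk: a vulnerability disclosed against an already-merged dependency is not reported until someone happens to open the next PR, which defeats the purpose of SCA. Add a time-based trigger next to `pull_request`, `schedule:` / `  - cron: '0 6 * * 1'` (or whatever cadence the team wants), and keep a narrowly scoped `push:` with `branches: [master]` so direct pushes and merges are covered without the per-branch noise the removed `'*'` caused. If this repository accepts pull requests from forks, `secrets.SNYK_API_TOKEN` is not available to fork-originated `pull_request` runs and the step will fail authentication there, so the scheduled run is what actually covers those changes after merge. The `on:` mapping may continue past the hunk's last context line (`- master`); check no other trigger already provides this.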
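Review bot: Commits that reach `master` without going through a pull request are never scanned once `pull_request` is the only trigger in this block, so the header comment's promise to scan first-party code does not hold for direct pushes or admin merges. Keeping `push:` but scoping it to the default branch, `push:` / `  branches:` / `    - master`, closes that gap while still dropping the every-branch wildcard the commit removes. The `on:` mapping may extend beyond the hunk's last line (`- master`), so confirm no remaining trigger already covers pushes to `master`.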
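Review bot: The SCA gate stays at `--severity-threshold=critical` on the new `args` line while the SAST workflow in this same series gates at `high`, so a high-severity vulnerability in a dependency added by a PR passes this check; unless that asymmetry is deliberate, align it with `--severity-threshold=high`. Both sides of the hunk also carry `\ No newline at end of file`; add the trailing newline so the next change to `args` is a clean one-line diff and YAML linters stop flagging the file.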