Enabling the MetaMask Security Code Scanner #22916
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
Builds ready [68db3ae]
Page Load Metrics (961 ± 55 ms)
Bundle size diffs
|
Builds ready [1e58a01]
Page Load Metrics (1028 ± 33 ms)
Bundle size diffs
|
Builds ready [be81bb9]
Page Load Metrics (1065 ± 60 ms)
Bundle size diffs
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #22916 +/- ##
========================================
Coverage 68.60% 68.60%
========================================
Files 1097 1097
Lines 43309 43309
Branches 11544 11544
========================================
Hits 29711 29711
Misses 13598 13598 ☔ View full report in Codecov by Sentry. |
Builds ready [13f8900]
Page Load Metrics (1087 ± 52 ms)
Bundle size diffs
|
Builds ready [c477d72]
Page Load Metrics (1118 ± 86 ms)
Bundle size diffs
|
Builds ready [4333e8e]
Page Load Metrics (1063 ± 61 ms)
Bundle size diffs
|
Builds ready [1b687ca]
Page Load Metrics (1204 ± 111 ms)
Bundle size diffs
|
Builds ready [55c5572]
Page Load Metrics (1117 ± 52 ms)
Bundle size diffs
|
NicholasEllul
previously approved these changes
Feb 15, 2024
Builds ready [048aabb]
Page Load Metrics (1110 ± 64 ms)
Bundle size diffs
|
|
The examples of third-party/vendored code that I'm aware of are:
Definitely seems appropriate to ignore those two at least. |
Builds ready [1d87657]
Page Load Metrics (1008 ± 39 ms)
Bundle size diffs
|
I've added these two paths. CodeQL scans on just the repo- node_modules are not scanned by the default, Im ok leaving it in so it is explicit. |
Builds ready [64f30dc]
Page Load Metrics (1015 ± 38 ms)
Bundle size diffs
|
Builds ready [dbf5034]
Page Load Metrics (1065 ± 81 ms)
Bundle size diffs
|
legobeat
reviewed
Feb 20, 2024
legobeat
approved these changes
Feb 20, 2024
thank you @legobeat |
Builds ready [1dbcbda]
Page Load Metrics (1769 ± 83 ms)
Bundle size diffs
|
legobeat
reviewed
Feb 23, 2024
legobeat
suggested changes
Feb 23, 2024
This is fixed now |
Builds ready [f5ba74f]
Page Load Metrics (1509 ± 338 ms)
Bundle size diffs
|
legobeat
reviewed
Feb 27, 2024
Builds ready [97d6827]
Page Load Metrics (1045 ± 377 ms)
Bundle size diffs
|
FrederikBolding
approved these changes
Feb 27, 2024
metamaskbot
added
the
release-11.13.0
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Required Action
Prior to merging this pull request, please ensure the following has been completed:
branchescorrectly specifies this repository's default branch (usuallymain).paths_ignoredconfiguration option (see setup)What is the Security Code Scanner?
This pull request enables the MetaMask Security Code Scanner GitHub Action. This action runs on each pull request, and will flag potential vulnerabilities as a review comment. It will also scan this repository's default branch, and log any findings in this repository's Code Scanning Alerts Tab.
The action itself runs various static analysis engines behind the scenes. Currently, it is only running GitHub's CodeQL engine. For this reason, we recommend disabling any existing CodeQL configuration your repository may have.
How do I interact with the tool?
Every finding raised by the Security Code Scanner will present context behind the potential vulnerability identified, and allow the developer to fix, or dismiss it.
The finding will automatically be dismissed by pushing a commit that fixes the identified issue, or by manually dismissing the alert using the button in GitHub's UI. If dismissing an alert manually, please add any additional context surrounding the reason for dismissal, as this informs our decision to disable, or improve any poor performing rules.
For more configuration options, please review the tool's README.
For any additional questions, please reach out to
@mm-application-securityslack.