Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(security-issues): fixed springboot security vulnerabilities and added codeql #293

Merged
merged 21 commits into from
Apr 24, 2024
Merged

chore(security-issues): fixed springboot security vulnerabilities and added codeql #293

merged 21 commits into from
Apr 24, 2024

Conversation

saudkhan116
Copy link
Contributor

@saudkhan116 saudkhan116 commented Apr 23, 2024
edited
Loading

Why we create this PR?

  • Added CodeQL workflow to analyze the codebase as a requirement from the release guidelines
  • Removed veracode workflows from git actions (replaced by CodeQL).
  • Fixed spring security vulnerabilities by upgrading the springboot version from 3.2.2 to 3.2.4

What we want to achieve with this PR?

To meet the trg-8 requirements

What is new?

Added

  • Added CodeQL code analysis to the workflow to comply with the release guidelines

Deleted

  • Removed veracode workflows from git actions (replaced by CodeQL).

Security Fixes:

Linked PR(s):

#289

saudkhan116 and others added 18 commits March 22, 2024 17:14
@saudkhan116
feat: added codeql workflow
e8e4ef3
@saudkhan116
Merge branch 'eclipse-tractusx:main' into feature/cmp-1135/security-r…
730dffb 
…equirements
@saudkhan116
Merge branch 'develop' of https://github.com/catenax-ng/tx-digital-pr…
fb12f85 
…oduct-pass into feature/cmp-1135/security-requirements
@saudkhan116
chore(fix): fixed codeql workflow
656832c
@saudkhan116
chore(fix): fixed codeql workflow
0c9fa38
@saudkhan116
chore(fix): replace Autobuild step with manual build to codeql workflow
1bdf161
@saudkhan116
chore(fix): fixed CodeQL issues
84ac236
@saudkhan116
chore(fix): fixed springboot vulnerability in pom file
89a2fa7
@saudkhan116
chore(ip-checks): executed ip checks to scan backend dependencies
16b377e
@saudkhan116
chore(fix): fixed eslint workflow
c9a7692
@saudkhan116
chore(ci): removed veracode workflows from git actions
b11c7a2
@saudkhan116
Merge branch 'eclipse-tractusx:main' into develop
68f4b3f
@saudkhan116
chore(ci): removed veracode workflows from git actions
c463877
@saudkhan116
Merge branch 'eclipse-tractusx:main' into develop
dee5cb5
@saudkhan116
Merge branch 'develop' of https://github.com/catenax-ng/tx-digital-pr…
021ec54 
…oduct-pass into feature/cmp-1135/security-requirements
@saudkhan116
Merge pull request #249 from catenax-ng/feature/cmp-1135/security-req…
fce6341 
…uirements

Feature/cmp 1135/security requirements: Added CodeQL workflow
@saudkhan116
chore(fix): fixed full length commit SHA in codeql
b950b6d
@saudkhan116
Merge branch 'eclipse-tractusx:main' into Release/v2.3.0-security-fixes
b3276db
@saudkhan116 saudkhan116 mentioned this pull request Apr 23, 2024
Closed
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 23, 2024
View reviewed changes
.github/workflows/codeql.yaml Show resolved Hide resolved
.github/workflows/codeql.yaml Fixed Show fixed Hide fixed
@saudkhan116 saudkhan116 force-pushed the release/v2.3.0-security-fixes branch 3 times, most recently from 4fe2190 to 5cc1830 Compare April 23, 2024 08:52
@saudkhan116 saudkhan116 force-pushed the release/v2.3.0-security-fixes branch from 5cc1830 to b0efdaa Compare April 23, 2024 08:59
@saudkhan116 saudkhan116 changed the title Release/v2.3.0 security fixes: chore(fix): fixed springboot security vulnerabilities and added codeql chore(security-issues): fixed springboot security vulnerabilities and added codeql Apr 24, 2024
matbmoser
matbmoser approved these changes Apr 24, 2024
View reviewed changes
Copy link
Contributor

@matbmoser matbmoser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If all dependencies are approved and the workflow changes propose by @RoKrish14 are solved then I approve

@matbmoser
Copy link
Contributor

@RoKrish14 please check and re approve

@saudkhan116
Copy link
Contributor Author

If all dependencies are approved and the workflow changes propose by @RoKrish14 are solved then I approve

@matbmoser, I fixed now the issues requested by @RoKrish14. I hope there should be no issue left behind.

RoKrish14
RoKrish14 approved these changes Apr 24, 2024
View reviewed changes
Copy link
Contributor

@RoKrish14 RoKrish14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@saudkhan116 saudkhan116 merged commit 58eec0d into eclipse-tractusx:main Apr 24, 2024
7 checks passed
@saudkhan116 saudkhan116 deleted the release/v2.3.0-security-fixes branch April 24, 2024 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RoKrish14 RoKrish14 RoKrish14 approved these changes

@matbmoser matbmoser matbmoser approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@saudkhan116 @matbmoser @RoKrish14