From 325ce1122051098d389ba1c36f784a77003b25dd Mon Sep 17 00:00:00 2001 From: Sebastian Scherer <59142915+scherersebastian@users.noreply.github.com> Date: Wed, 14 Feb 2024 21:56:35 +0100 Subject: [PATCH 1/5] ci: delete .github/workflows/veracode.yaml --- .github/workflows/veracode.yaml | 49 --------------------------------- 1 file changed, 49 deletions(-) delete mode 100644 .github/workflows/veracode.yaml diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml deleted file mode 100644 index e8b3d77a01..0000000000 --- a/.github/workflows/veracode.yaml +++ /dev/null @@ -1,49 +0,0 @@ -name: Veracode SAST test -on: - workflow_dispatch: # Trigger manually - schedule: - - cron: '0 0 * * *' # Once a day - -jobs: - static_analysis: - name: Static Analysis - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - - - name: Set up Maven - uses: stCarolas/setup-maven@v4.5 - with: - maven-version: 3.8.2 - - - name: Cache maven packages - uses: actions/cache@v3 - with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 - - - name: Build - run: mvn package --batch-mode -DskipTests - - - uses: actions/upload-artifact@v3 - with: - path: 'irs-api/target/*exec.jar' - - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@0.2.6 - with: - appname: 'IRS' - version: '${{ github.run_id }}' - createprofile: false - vid: '${{ secrets.VERACODE_API_ID || secrets.ORG_VERACODE_API_ID }}' - vkey: '${{ secrets.VERACODE_API_KEY || secrets.ORG_VERACODE_API_KEY }}' - filepath: 'irs-api/target/*exec.jar' - deleteIncompleteScan: 2 #delete a scan of any status except Results Ready to proceed with the uploadandscan action. If errors occur when running this action, the Java wrapper automatically deletes the incomplete scan. 
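Review bot: The deleted workflow is the only consumer visible here of `secrets.VERACODE_API_ID` / `secrets.VERACODE_API_KEY` and their `ORG_VERACODE_*` fallbacks, and the commit leaves those repository/organization secrets in place. Once the scan is decommissioned those credentials should be removed from the repo and org settings (or rotated on the Veracode side) so an unused API key is not left reachable by any future workflow. The daily scheduled SAST run and the `actions/upload-artifact` step publishing `irs-api/target/*exec.jar` disappear with it; if the CodeQL workflow updated in patch 4/5 is the intended replacement, stating that in the commit message would make the coverage change auditable.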
From 787c605c5b38062af46dd73eb88a53dbfc886014 Mon Sep 17 00:00:00 2001 From: Sebastian Scherer <59142915+scherersebastian@users.noreply.github.com> Date: Wed, 14 Feb 2024 22:01:29 +0100 Subject: [PATCH 2/5] ci: delete .github/workflows/spotbugs.yml --- .github/workflows/spotbugs.yml | 48 ---------------------------------- 1 file changed, 48 deletions(-) delete mode 100644 .github/workflows/spotbugs.yml diff --git a/.github/workflows/spotbugs.yml b/.github/workflows/spotbugs.yml deleted file mode 100644 index f0ac07b902..0000000000 --- a/.github/workflows/spotbugs.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: "Spotbugs bug detection" - -on: - push: - branches: main - paths-ignore: - - '**/*.md' - - '**/*.txt' - pull_request: - branches: main - paths-ignore: - - '**/*.md' - - '**/*.txt' - - 'charts/**' - - '.config/**' - - 'docs/**' - - 'local/**' - - 'README.md' - - 'CHANGELOG.md' - schedule: - - cron: '0 0 * * *' # Once a day - -jobs: - analyze: - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - - name: spotbugs-check - steps: - - uses: actions/checkout@v4 - - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - - - name: Cache maven packages - uses: actions/cache@v3 - with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 - - - name: run maven spotbugs plugin - run: mvn clean package -DskipTests=true spotbugs:check \ No newline at end of file From f9c2826f1c48b3f61bbaad2515240b4cc3716b5c Mon Sep 17 00:00:00 2001 From: Sebastian Scherer <59142915+scherersebastian@users.noreply.github.com> Date: Wed, 14 Feb 2024 22:02:53 +0100 Subject: [PATCH 3/5] ci: delete .config/spotbugs-excludes.xml --- .config/spotbugs-excludes.xml | 81 ----------------------------------- 1 file changed, 81 deletions(-) delete mode 100644 .config/spotbugs-excludes.xml 
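Review bot: With `.github/workflows/spotbugs.yml` gone, nothing visible in this series still invokes `mvn clean package -DskipTests=true spotbugs:check`, so the push/PR/nightly bug-detection gate on `main` is removed without a stated replacement. If the spotbugs-maven-plugin in `pom.xml` is not bound to a lifecycle phase (not visible here), the check no longer runs anywhere; if it is, patch 3's deletion of `.config/spotbugs-excludes.xml` will break the build wherever the plugin configuration still references that file. Either keep the excludes file until the plugin configuration is updated, or drop the plugin configuration in the same change.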
diff --git a/.config/spotbugs-excludes.xml b/.config/spotbugs-excludes.xml deleted file mode 100644 index ff2379382f..0000000000 --- a/.config/spotbugs-excludes.xml +++ /dev/null @@ -1,81 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From f73d6c00fbe038c86ef888013aa62466b7b5d8c1 Mon Sep 17 00:00:00 2001 From: Sebastian Scherer <59142915+scherersebastian@users.noreply.github.com> Date: Wed, 14 Feb 2024 22:15:27 +0100 Subject: [PATCH 4/5] ci: update codeql.yml action version --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 187d7134c0..50db74f1e7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -93,4 +93,4 @@ jobs: mvn clean package --batch-mode -DskipTests - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From 12a11c18e5e52cfad78240d71844faa5bbbd0597 Mon Sep 17 00:00:00 2001 From: Sebastian Scherer <59142915+scherersebastian@users.noreply.github.com> Date: Wed, 14 Feb 2024 22:16:53 +0100 Subject: [PATCH 5/5] ci: delete .github/workflows/trivy.yml --- .github/workflows/trivy.yml | 50 ------------------------------------- 1 file changed, 50 deletions(-) delete mode 100644 .github/workflows/trivy.yml diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml deleted file mode 100644 index 0dafa7fea6..0000000000 --- a/.github/workflows/trivy.yml +++ /dev/null 
@@ -1,50 +0,0 @@ -# Depending on the location of your Docker container -# you need to change the path to the specific Docker registry. -# -name: "Trivy vulnerability scanner" - -on: - workflow_dispatch: # Trigger manually - push: - branches: main - paths-ignore: - - '**/*.md' - - '**/*.txt' - pull_request: - branches: main - paths-ignore: - - '**/*.md' - - '**/*.txt' - schedule: - - cron: '0 0 * * *' # Once a day - -jobs: - analyze-config: - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@master - with: - scan-type: "config" - ignore-unfixed: true - exit-code: "1" - hide-progress: false - format: "sarif" - output: "trivy-results1.sarif" - severity: "CRITICAL,HIGH" - # full-irs is a demonstration and not intended to run in a production environment, it can be excluded - skip-dirs: "charts/connector/aasregistry,charts/connector/daps,charts/connector/edc-provider,charts/connector/submodelservers,charts/irs-environments/local,local/deployment/full-irs" # skip scanning external images. - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: "trivy-results1.sarif" \ No newline at end of file
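Review bot: Deleting `trivy.yml` removes the only visible misconfiguration scan of the charts and manifests (`scan-type: "config"`, `severity: "CRITICAL,HIGH"`, `exit-code: "1"`) together with the `upload-sarif` step that fed results to the Security tab, and the CodeQL workflow touched in patch 4 appears to analyse the Maven-built Java code (its build step is `mvn clean package`), not the IaC. If the removal is intentional, the commit message should say where config scanning now happens; otherwise a replacement scan belongs in the same series. The deleted file did reference `aquasecurity/trivy-action@master`, which is an unpinned mutable ref, but the better fix for that is pinning a retained workflow to a release tag or commit SHA rather than removing the scan.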