chore(deps): Included dependency review #1792

naveensrinivasan · 2022-04-23T13:20:10Z

Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests.
The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests,
and warns you about the associated security vulnerabilities.
This gives you better visibility of what's changing in a pull request,
and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan [email protected]

> Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests. > The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, > and warns you about the associated security vulnerabilities. > This gives you better visibility of what's changing in a pull request, > and helps prevent vulnerabilities being added to your repository. https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement Signed-off-by: naveensrinivasan <[email protected]>

naveensrinivasan · 2022-04-23T13:21:19Z

@cpanato 👀

codecov-commenter · 2022-04-23T13:22:27Z

Codecov Report

Merging #1792 (feeaf98) into main (c96ebb4) will increase coverage by 1.34%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1792      +/-   ##
==========================================
+ Coverage   31.51%   32.85%   +1.34%     
==========================================
  Files         145      147       +2     
  Lines        8913     9346     +433     
==========================================
+ Hits         2809     3071     +262     
- Misses       5765     5919     +154     
- Partials      339      356      +17

Impacted Files	Coverage Δ
pkg/cosign/kubernetes/webhook/validation.go	`74.00% <0.00%> (-6.77%)`	⬇️
pkg/cosign/kubernetes/webhook/validator.go	`77.70% <0.00%> (-4.86%)`	⬇️
pkg/cosign/rego/rego.go	`71.42% <0.00%> (-1.30%)`	⬇️
cmd/cosign/cli/sign/sign.go	`14.36% <0.00%> (-0.34%)`	⬇️
cmd/cosign/cli/sign.go	`0.00% <0.00%> (ø)`
cmd/cosign/cli/attest.go	`0.00% <0.00%> (ø)`
cmd/cosign/cli/verify.go	`0.00% <0.00%> (ø)`
cmd/cosign/cli/verify/verify.go	`0.00% <0.00%> (ø)`
cmd/cosign/cli/sign/sign_blob.go	`0.00% <0.00%> (ø)`
cmd/cosign/cli/verify/verify_blob.go	`10.42% <0.00%> (ø)`
... and 11 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c96ebb4...feeaf98. Read the comment docs.

.github/workflows/depsreview.yml

cpanato · 2022-04-26T14:02:11Z

@naveensrinivasan please sign the DCO

Signed-off-by: naveensrinivasan <[email protected]>

naveensrinivasan · 2022-04-26T14:35:08Z

@naveensrinivasan please sign the DCO

Done! Thanks

.github/workflows/depsreview.yml

Signed-off-by: naveensrinivasan <[email protected]>

* chore(deps): Included dependency review > Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests. > The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, > and warns you about the associated security vulnerabilities. > This gives you better visibility of what's changing in a pull request, > and helps prevent vulnerabilities being added to your repository. https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement Signed-off-by: naveensrinivasan <[email protected]> * Update depsreview.yml Signed-off-by: naveensrinivasan <[email protected]> * Update depsreview.yml Signed-off-by: naveensrinivasan <[email protected]>

hectorj2f previously approved these changes Apr 25, 2022

View reviewed changes

hectorj2f assigned hectorj2f and unassigned hectorj2f Apr 25, 2022

hectorj2f requested a review from dlorenc April 25, 2022 10:30

cpanato reviewed Apr 25, 2022

View reviewed changes

.github/workflows/depsreview.yml Outdated Show resolved Hide resolved

cpanato requested changes Apr 26, 2022

View reviewed changes

.github/workflows/depsreview.yml Outdated Show resolved Hide resolved

naveensrinivasan dismissed hectorj2f’s stale review via 4d1e463 April 26, 2022 13:44

naveensrinivasan requested a review from cpanato April 26, 2022 13:44

Update depsreview.yml

a8c214a

Signed-off-by: naveensrinivasan <[email protected]>

naveensrinivasan force-pushed the naveen/feat/deps-review branch from 4d1e463 to a8c214a Compare April 26, 2022 14:34

cpanato previously approved these changes Apr 26, 2022

View reviewed changes

cpanato reviewed Apr 29, 2022

View reviewed changes

.github/workflows/depsreview.yml Outdated Show resolved Hide resolved

naveensrinivasan dismissed cpanato’s stale review via 39c032d April 29, 2022 15:02

Update depsreview.yml

feeaf98

Signed-off-by: naveensrinivasan <[email protected]>

naveensrinivasan force-pushed the naveen/feat/deps-review branch from 39c032d to feeaf98 Compare April 29, 2022 15:03

cpanato approved these changes Apr 29, 2022

View reviewed changes

dlorenc merged commit e74f180 into sigstore:main Apr 30, 2022

github-actions bot added this to the v1.9.0 milestone Apr 30, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Included dependency review #1792

chore(deps): Included dependency review #1792

naveensrinivasan commented Apr 23, 2022

naveensrinivasan commented Apr 23, 2022

codecov-commenter commented Apr 23, 2022 •

edited

Loading

cpanato commented Apr 26, 2022

naveensrinivasan commented Apr 26, 2022

chore(deps): Included dependency review #1792

chore(deps): Included dependency review #1792

Conversation

naveensrinivasan commented Apr 23, 2022

naveensrinivasan commented Apr 23, 2022

codecov-commenter commented Apr 23, 2022 • edited Loading

Codecov Report

cpanato commented Apr 26, 2022

naveensrinivasan commented Apr 26, 2022

codecov-commenter commented Apr 23, 2022 •

edited

Loading