Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add snyk for security scanning #4259

Merged
merged 1 commit into from
Nov 16, 2023
Merged

ci: add snyk for security scanning #4259

merged 1 commit into from
Nov 16, 2023

Conversation

Madhu-1
Copy link
Collaborator

@Madhu-1 Madhu-1 commented Nov 15, 2023
edited
Loading

adding snyk GitHub action to run when a PR is merged to the branch, This will help us to track the security scanning results and fix if anything is required and also it serves as a placeholder for security scanning results for a while.

@mergify mergify bot added the component/testing Additional test cases or CI work label Nov 15, 2023
@Madhu-1 Madhu-1 requested review from a team November 15, 2023 08:50
@Madhu-1 Madhu-1 added ci/skip/e2e skip running e2e CI jobs ci/skip/multi-arch-build skip building on multiple architectures labels Nov 15, 2023
@karthik-us
Copy link
Collaborator

nit: please fix the typo in the tool's name in commit header and description.

@Madhu-1 Madhu-1 changed the title ci: add synk for security scannling ci: add snyk for security scannling Nov 15, 2023
@nixpanic
Copy link
Member

Instead of doing this on every merge, maybe do it with a daily/weekly cron schedule?

@nixpanic nixpanic changed the title ci: add snyk for security scannling ci: add snyk for security scanning Nov 15, 2023
@Madhu-1
Copy link
Collaborator Author

Madhu-1 commented Nov 15, 2023

Instead of doing this on every merge, maybe do it with a daily/weekly cron schedule?

@nixpanic I didn't find any easy configuration that allows us to run CI jobs on all the branches (maintained). i thought this would be the best one for now, i would like not to have hardcoded release branch names and add new branches when we make a new release. Let me know WDYT?

@Madhu-1
Copy link
Collaborator Author

Madhu-1 commented Nov 15, 2023

You can schedule a workflow to run at specific UTC times using POSIX cron syntax. Scheduled workflows run on the latest commit on the default or base branch

From the doc

@nixpanic
Copy link
Member

Ah, ok. In that case, maybe combine the two?

  1. run on a daily/weekly schedule for the devel branch
  2. run after each merged PR for release-* branches

@Madhu-1 Madhu-1 force-pushed the add-sync branch 2 times, most recently from 5795a52 to 3c2da69 Compare November 15, 2023 12:40
@nixpanic
Copy link
Member

Can you put them in a singe yaml?

on:
    schedule:
        ...
    push:
        ...

@nixpanic nixpanic requested a review from a team November 15, 2023 21:09
@nixpanic nixpanic added the ok-to-test Label to trigger E2E tests label Nov 15, 2023
@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.28

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.28

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-cephfs

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.28

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-rbd

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.27

@ceph-csi-bot ceph-csi-bot removed the ok-to-test Label to trigger E2E tests label Nov 15, 2023
@Madhu-1
ci: add snyk scanning
5108c0d 
adding snyk github action to
run when a PR is merged to the release
branch or when a new release is done.
Run snyk weekly on the devel branch.
This will help us to track the security
scanning results and fix if anything is
required and also it serves as a placeholder
for security scanning result for a while.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
@mergify mergify bot added the ok-to-test Label to trigger E2E tests label Nov 16, 2023
@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-cephfs

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.28

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-rbd

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.28

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.28

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.26

@ceph-csi-bot ceph-csi-bot removed the ok-to-test Label to trigger E2E tests label Nov 16, 2023
@mergify mergify bot merged commit 6b3665b into ceph:devel Nov 16, 2023
35 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@riya-singhal31 riya-singhal31 riya-singhal31 approved these changes

@nixpanic nixpanic nixpanic approved these changes

Assignees
No one assigned
Labels
ci/skip/e2e skip running e2e CI jobs ci/skip/multi-arch-build skip building on multiple architectures component/testing Additional test cases or CI work security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Madhu-1 @karthik-us @nixpanic @ceph-csi-bot @riya-singhal31