Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix failing job using GH issue lookup #24857

Merged
merged 1 commit into from
Jan 20, 2022
Merged

Fix failing job using GH issue lookup #24857

merged 1 commit into from
Jan 20, 2022

Conversation

PushkarJ
Copy link
Member

@PushkarJ PushkarJ commented Jan 12, 2022
edited
Loading

What

  • Currently snyk is detecting CVEs that are already being tracked for completion using Github Issues
  • Job script is now modified to pass the job if the detected CVEs have tracking Github Issues
  • This allows a low maintenance and intuitive allow list via Github Issues for CVEs that are transitive or have no or low impact

Why

Snyk job is failing: https://testgrid.k8s.io/sig-security-snyk-scan#ci-kubernetes-snyk-master

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Jan 12, 2022
edited
Loading

CLA Signed

The committers are authorized under a signed CLA.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 12, 2022
@PushkarJ
Copy link
Member Author

/sig security testing
/area security
/kind feature
/cc @nehaLohia27 @savitharaghunathan

@k8s-ci-robot k8s-ci-robot added sig/security Categorizes an issue or PR as relevant to SIG Security. sig/testing Categorizes an issue or PR as relevant to SIG Testing. kind/feature Categorizes issue or PR as related to a new feature. labels Jan 12, 2022
@k8s-ci-robot
Copy link
Contributor

@PushkarJ: The label(s) area/security cannot be applied, because the repository doesn't have them.

In response to this:

/sig security testing
/area security
/kind feature
/cc @nehaLohia27 @savitharaghunathan

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 15, 2022
@PushkarJ
Copy link
Member Author

/assign @mpherman2

(reviewed by @nehaLohia27 already)

@mpherman2
Copy link
Contributor

/lgtm
/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 20, 2022
@mpherman2
Copy link
Contributor

/unhold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 20, 2022
@mpherman2
Copy link
Contributor

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mpherman2, nehaLohia27, PushkarJ

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 20, 2022
@k8s-ci-robot k8s-ci-robot merged commit 2235407 into kubernetes:master Jan 20, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.24 milestone Jan 20, 2022
@k8s-ci-robot
Copy link
Contributor

@PushkarJ: Updated the job-config configmap in namespace default at cluster test-infra-trusted using the following files:

  • key sig-security-trusted.yaml using file config/jobs/kubernetes/sig-k8s-infra/trusted/sig-security-trusted.yaml

In response to this:

What

  • Currently snyk is detecting CVEs that are already being tracked for completion using Github Issues
  • Job script is now modified to pass the job if the detected CVEs have tracking Github Issues
  • This allows a low maintenance and intuitive allow list via Github Issues for CVEs that are transitive or have no or low impact

Why

Snyk job is failing: https://testgrid.k8s.io/sig-security-snyk-scan#ci-kubernetes-snyk-master

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@PushkarJ PushkarJ mentioned this pull request Sep 26, 2022
Open
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nehaLohia27 nehaLohia27 nehaLohia27 approved these changes

@savitharaghunathan savitharaghunathan Awaiting requested review from savitharaghunathan

@spiffxp spiffxp Awaiting requested review from spiffxp

@thockin thockin Awaiting requested review from thockin

Assignees

@nehaLohia27 nehaLohia27

@mpherman2 mpherman2

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/security Categorizes an issue or PR as relevant to SIG Security. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.24
Development

Successfully merging this pull request may close these issues.
4 participants
@PushkarJ @k8s-ci-robot @mpherman2 @nehaLohia27