Skip to content

feat: add govulncheck for checking whether ArgoCD has CVE #21928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sivchari wants to merge 1 commit into from
Closed

feat: add govulncheck for checking whether ArgoCD has CVE #21928

sivchari wants to merge 1 commit into from

Conversation

@sivchari
Copy link
Member

@sivchari sivchari commented Feb 21, 2025

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

I added govulncheck workflow to check whether ArgoCD has CVE.

@sivchari sivchari requested review from a team as code owners February 21, 2025 02:18
@bunnyshell
Copy link

bunnyshell bot commented Feb 21, 2025
edited
Loading

❗ Preview Environment undeploy from Bunnyshell failed

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

  • 🚀 /bns:deploy to redeploy the environment
  • /bns:delete to try again to remove the environment

@sivchari sivchari changed the title add govulncheck for checking whether ArgoCD has CVE feat: add govulncheck for checking whether ArgoCD has CVE Feb 21, 2025
@sivchari
Copy link
Member Author

sivchari commented Feb 21, 2025

https://github.com/argoproj/argo-cd/actions/runs/13448667288/job/37579098493?pr=21928

This CI is passed when #21929 is merged.

@codecov
Copy link

codecov bot commented Feb 21, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.04%. Comparing base (9f37d43) to head (0db092d).
⚠️ Report is 1500 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #21928      +/-   ##
==========================================
+ Coverage   55.95%   56.04%   +0.09%     
==========================================
  Files         343      343              
  Lines       57327    57536     +209     
==========================================
+ Hits        32075    32248     +173     
- Misses      22619    22645      +26     
- Partials     2633     2643      +10

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@sivchari sivchari force-pushed the add-vulncheck-cve branch 2 times, most recently from ff0db36 to 024b8c9 Compare March 11, 2025 16:06
@sivchari
Copy link
Member Author

sivchari commented Mar 11, 2025

When argoproj/gitops-engine#698 is merged, we can deal with issue that CI is failed.

@sivchari sivchari force-pushed the add-vulncheck-cve branch from bb5c3b7 to 358d4ec Compare March 11, 2025 16:22
@sivchari sivchari force-pushed the add-vulncheck-cve branch from 358d4ec to 4f5154a Compare March 20, 2025 10:45
@sivchari
Copy link
Member Author

sivchari commented Mar 20, 2025
edited
Loading

@andrii-korotkov-verkada
If you have time, please review it. Thanks.

@sivchari
Copy link
Member Author

sivchari commented Apr 13, 2025

@crenshaw-dev @gdsoumya
If you have time, PTAL 🙏

sivchari
sivchari commented Apr 13, 2025
View reviewed changes
go.mod
)

replace (
github.com/argoproj/gitops-engine => github.com/sivchari/gitops-engine v0.0.0-20250311160727-70181af58e7f
Copy link
Member Author

@sivchari sivchari Apr 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated it after #698 is merged. This patch aims to fix the vulnerability.

@sivchari
Copy link
Member Author

sivchari commented Apr 13, 2025

https://pkg.go.dev/vuln/GO-2025-3547 is occurred, but this issue hasn't been resolved yet.
So vulncheck must be failed. Let's keep it until it's resolved.

@sivchari sivchari force-pushed the add-vulncheck-cve branch from 4f5154a to 0db092d Compare April 13, 2025 02:20
@sivchari sivchari closed this Nov 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sivchari