
Add veracode scan #2250

Merged: 17 commits from add-veracode-scan into main, Sep 19, 2024

Conversation

ben-polinsky (Collaborator) opened the pull request:

Changes

Add Veracode static code analysis. Gather, zip, and upload files to Veracode for analysis.

Testing

Tested zipping locally. Tested zip and upload in CI and validated in Veracode dashboard.

@ben-polinsky ben-polinsky requested a review from a team as a code owner September 18, 2024 19:00
@ben-polinsky ben-polinsky requested review from mayank99 and smmr-dn and removed request for a team September 18, 2024 19:00
mayank99 (Contributor) left a review:

Hey, thanks for creating this PR. It generally looks ok but I'm wondering if we can reduce maintenance burden.

Review thread on scripts/zip-for-veracode.mjs (outdated, resolved)

mayank99 (Contributor) left a review:

Some small suggestions

Review thread on .github/workflows/build.yml (outdated, resolved)
Review thread on package.json (outdated, resolved)
Review thread on .github/workflows/build.yml (outdated, resolved)

ben-polinsky (Collaborator, Author) commented:

I see your audit has been failing for some time; do you want me to fix these?

mayank99 (Contributor) left a review:

LGTM! Thanks again for creating this PR

We are aware of the audit issue, don't worry about that. I believe we were waiting for a fix from one of our dependencies; it might be a good time to check again. /cc @r100-stack

@mayank99 mayank99 merged commit 4e8be34 into main Sep 19, 2024
14 of 15 checks passed
@mayank99 mayank99 deleted the add-veracode-scan branch September 19, 2024 15:28
r100-stack (Member) commented:

> We are aware of the audit issue, don't worry about that. I believe we were waiting for a fix from one of our dependencies; it might be a good time to check again. /cc @r100-stack

Yes, I'm looking at that from time to time. Looks like astro finally removed its dep on path-to-regexp two hours ago in 4.15.8! So, I will update our astro dep today and see if that fixes the audit.
