ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-18 20:47:57 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

ES-562: Updating .snyk YAML indentation & updating modules to scan on Snyk nightly (#7385)

Browse Source 
* NOTICK: Correct Yaml whitespace
* Update JenkinsfileSnykScan Snyk modules
* Correcting YAML indentation
* NOTICK: Update reges to match ES Jira tickets
* Removing bridge/bridgecapsule from main release branch CI pipeline
This commit is contained in:
Connel McGovern 2023-06-06 17:08:19 +01:00 committed by GitHub
parent d0f28a607f
commit 2246c94fd5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.ci/dev/nightly-regression/JenkinsfileSnykScan
View File

@ -3,5 +3,5 @@
cordaSnykScanPipeline (
snykTokenId: 'c4-os-snyk-api-token-secret',
// specify the Gradle submodules to scan and monitor on snyk Server
modulesToScan: ['node', 'capsule', 'bridge', 'bridgecapsule']
modulesToScan: ['node', 'capsule']
)

2
.ci/dev/regression/Jenkinsfile vendored
View File

@ -92,7 +92,7 @@ pipeline {
steps {
script {
// Invoke Snyk for each Gradle sub project we wish to scan
def modulesToScan = ['node', 'capsule', 'bridge', 'bridgecapsule']
def modulesToScan = ['node', 'capsule']
modulesToScan.each { module ->
snykSecurityScan("${env.SNYK_API_KEY}", "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'")
}

2
.github/workflows/check-pr-title.yml vendored
View File

@ -9,6 +9,6 @@ jobs:
steps:
- uses: morrisoncole/pr-lint-action@v1.4.1
with:
title-regex: '^((CORDA|AG|EG|ENT|INFRA|NAAS)-\d+|NOTICK)(.*)'
title-regex: '^((CORDA|AG|EG|ENT|INFRA|NAAS|ES)-\d+|NOTICK)(.*)'
on-failed-regex-comment: "PR title failed to match regex -> `%regex%`"
repo-token: "${{ secrets.GITHUB_TOKEN }}"

14
.snyk
View File

@ -131,7 +131,7 @@ ignore:
this vulnerability.
expires: 2023-09-01T11:32:38.120Z
created: 2022-09-21T11:32:38.125Z
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
- '*':
reason: >-
Corda does not set the non-default UNWRAP_SINGLE_VALUE_ARRAYS required
@ -145,7 +145,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
nesting are potentially susceptible.
expires: 2023-09-01T12:04:40.180Z
created: 2023-02-09T12:04:40.209Z
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426:
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426:
- '*':
reason: >-
Corda does not set the non-default UNWRAP_SINGLE_VALUE_ARRAYS required
@ -159,7 +159,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
nesting are potentially susceptible.
expires: 2023-09-01T12:05:03.931Z
created: 2023-02-09T12:05:03.962Z
SNYK-JAVA-ORGYAML-2806360:
SNYK-JAVA-ORGYAML-2806360:
- '*':
reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use
@ -172,7 +172,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
not exposed to this DOS vulnerability.
expires: 2023-09-01T13:40:55.262Z
created: 2022-09-21T13:40:55.279Z
SNYK-JAVA-ORGYAML-3016891:
SNYK-JAVA-ORGYAML-3016891:
- '*':
reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use
@ -186,7 +186,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
vulnerability.
expires: 2023-09-01T16:37:28.911Z
created: 2023-02-06T16:37:28.933Z
SNYK-JAVA-ORGYAML-3016888:
SNYK-JAVA-ORGYAML-3016888:
- '*':
reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use
@ -200,7 +200,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
vulnerability.
expires: 2023-09-01T13:39:49.450Z
created: 2022-09-21T13:39:49.470Z
SNYK-JAVA-ORGYAML-3016889:
SNYK-JAVA-ORGYAML-3016889:
- '*':
reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use
@ -214,7 +214,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
vulnerability.
expires: 2023-09-01T16:35:13.840Z
created: 2023-02-06T16:35:13.875Z
SNYK-JAVA-ORGYAML-3113851:
SNYK-JAVA-ORGYAML-3113851:
- '*':
reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use