ES-562: Updating .snyk YAML indentation & updating modules to scan on Snyk nightly (#7385)

* NOTICK: Correct Yaml whitespace
* Update JenkinsfileSnykScan Snyk modules
* Correcting YAML indentation
* NOTICK: Update regex to match ES Jira tickets
* Removing bridge/bridgecapsule from main release branch CI pipeline
Connel McGovern 2023-06-06 17:08:19 +01:00 committed by GitHub
parent d0f28a607f
commit 2246c94fd5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 10 deletions


@ -3,5 +3,5 @@
cordaSnykScanPipeline ( cordaSnykScanPipeline (
snykTokenId: 'c4-os-snyk-api-token-secret', snykTokenId: 'c4-os-snyk-api-token-secret',
// specify the Gradle submodules to scan and monitor on snyk Server // specify the Gradle submodules to scan and monitor on snyk Server
modulesToScan: ['node', 'capsule', 'bridge', 'bridgecapsule'] modulesToScan: ['node', 'capsule']
) )
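Review bot: dropping 'bridge' and 'bridgecapsule' from modulesToScan means the nightly Snyk scan no longer monitors those two Gradle submodules, and nothing in the hunk says why. If the modules are gone from this branch's build, say so in the comment above the list; if they still build or ship from here, their runtime dependencies lose vulnerability monitoring and the removal should be reconsidered.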


@ -92,7 +92,7 @@ pipeline {
steps { steps {
script { script {
// Invoke Snyk for each Gradle sub project we wish to scan // Invoke Snyk for each Gradle sub project we wish to scan
def modulesToScan = ['node', 'capsule', 'bridge', 'bridgecapsule'] def modulesToScan = ['node', 'capsule']
modulesToScan.each { module -> modulesToScan.each { module ->
snykSecurityScan("${env.SNYK_API_KEY}", "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'") snykSecurityScan("${env.SNYK_API_KEY}", "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'")
} }
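Review bot: the list in `def modulesToScan = ['node', 'capsule']` is a second hard-coded copy of the one passed to cordaSnykScanPipeline, so the two can drift and leave a module scanned by one pipeline but not the other; consider defining it once. Separately, on the unchanged snykSecurityScan line, the character class `[^0-9|a-z|A-Z]+` treats `|` as a literal, so pipe characters survive the sanitising of the Branch tag (`[^0-9a-zA-Z]+` is probably what was meant), and --target-reference takes env.BRANCH_NAME with no sanitising at all.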


@ -9,6 +9,6 @@ jobs:
steps: steps:
- uses: morrisoncole/pr-lint-action@v1.4.1 - uses: morrisoncole/pr-lint-action@v1.4.1
with: with:
title-regex: '^((CORDA|AG|EG|ENT|INFRA|NAAS)-\d+|NOTICK)(.*)' title-regex: '^((CORDA|AG|EG|ENT|INFRA|NAAS|ES)-\d+|NOTICK)(.*)'
on-failed-regex-comment: "PR title failed to match regex -> `%regex%`" on-failed-regex-comment: "PR title failed to match regex -> `%regex%`"
repo-token: "${{ secrets.GITHUB_TOKEN }}" repo-token: "${{ secrets.GITHUB_TOKEN }}"
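Review bot: the title-regex still accepts any text straight after the key (`\d+` followed by `(.*)`, and a bare NOTICK prefix), so titles such as 'ES-562x' and 'NOTICKET' both pass; requiring a separator such as `[: ]` after the key would make the check as strict as its failure comment implies. The action is also referenced by the mutable tag v1.4.1 while receiving secrets.GITHUB_TOKEN; pinning it to a full commit SHA would stop a moved tag from changing what runs with that token.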

14
.snyk

@ -131,7 +131,7 @@ ignore:
this vulnerability. this vulnerability.
expires: 2023-09-01T11:32:38.120Z expires: 2023-09-01T11:32:38.120Z
created: 2022-09-21T11:32:38.125Z created: 2022-09-21T11:32:38.125Z
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424: SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
- '*': - '*':
reason: >- reason: >-
Corda does not set the non-default UNWRAP_SINGLE_VALUE_ARRAYS required Corda does not set the non-default UNWRAP_SINGLE_VALUE_ARRAYS required
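Review bot: the change to the `SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:` line is whitespace only, which is hard to verify by eye in a policy file where nesting decides whether an ignore applies. A CI step that parses .snyk as YAML and checks that every SNYK-* key sits under ignore: would catch the next mis-indented entry before it merges.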
@ -145,7 +145,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
nesting are potentially susceptible. nesting are potentially susceptible.
expires: 2023-09-01T12:04:40.180Z expires: 2023-09-01T12:04:40.180Z
created: 2023-02-09T12:04:40.209Z created: 2023-02-09T12:04:40.209Z
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426: SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426:
- '*': - '*':
reason: >- reason: >-
Corda does not set the non-default UNWRAP_SINGLE_VALUE_ARRAYS required Corda does not set the non-default UNWRAP_SINGLE_VALUE_ARRAYS required
@ -159,7 +159,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
nesting are potentially susceptible. nesting are potentially susceptible.
expires: 2023-09-01T12:05:03.931Z expires: 2023-09-01T12:05:03.931Z
created: 2023-02-09T12:05:03.962Z created: 2023-02-09T12:05:03.962Z
SNYK-JAVA-ORGYAML-2806360: SNYK-JAVA-ORGYAML-2806360:
- '*': - '*':
reason: >- reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use Snakeyaml is being used by Jackson and liquidbase. Corda does not use
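Review bot: the SNYK-JAVA-ORGYAML-2806360 entry is ignored for path '*', yet its reason names only Jackson and 'liquidbase' as the routes by which Snakeyaml arrives. Scoping the path to those two dependency chains would keep the ignore from hiding the same issue if Snakeyaml is later pulled in some other way; 'liquidbase' also looks like a misspelling of Liquibase, here and in the later Snakeyaml entries.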
@ -172,7 +172,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
not exposed to this DOS vulnerability. not exposed to this DOS vulnerability.
expires: 2023-09-01T13:40:55.262Z expires: 2023-09-01T13:40:55.262Z
created: 2022-09-21T13:40:55.279Z created: 2022-09-21T13:40:55.279Z
SNYK-JAVA-ORGYAML-3016891: SNYK-JAVA-ORGYAML-3016891:
- '*': - '*':
reason: >- reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use Snakeyaml is being used by Jackson and liquidbase. Corda does not use
@ -186,7 +186,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
vulnerability. vulnerability.
expires: 2023-09-01T16:37:28.911Z expires: 2023-09-01T16:37:28.911Z
created: 2023-02-06T16:37:28.933Z created: 2023-02-06T16:37:28.933Z
SNYK-JAVA-ORGYAML-3016888: SNYK-JAVA-ORGYAML-3016888:
- '*': - '*':
reason: >- reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use Snakeyaml is being used by Jackson and liquidbase. Corda does not use
@ -200,7 +200,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
vulnerability. vulnerability.
expires: 2023-09-01T13:39:49.450Z expires: 2023-09-01T13:39:49.450Z
created: 2022-09-21T13:39:49.470Z created: 2022-09-21T13:39:49.470Z
SNYK-JAVA-ORGYAML-3016889: SNYK-JAVA-ORGYAML-3016889:
- '*': - '*':
reason: >- reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use Snakeyaml is being used by Jackson and liquidbase. Corda does not use
@ -214,7 +214,7 @@ SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
vulnerability. vulnerability.
expires: 2023-09-01T16:35:13.840Z expires: 2023-09-01T16:35:13.840Z
created: 2023-02-06T16:35:13.875Z created: 2023-02-06T16:35:13.875Z
SNYK-JAVA-ORGYAML-3113851: SNYK-JAVA-ORGYAML-3113851:
- '*': - '*':
reason: >- reason: >-
Snakeyaml is being used by Jackson and liquidbase. Corda does not use Snakeyaml is being used by Jackson and liquidbase. Corda does not use
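Review bot: every expires value visible in these .snyk hunks falls on 2023-09-01, under three months after this commit's date of 2023-06-06, so all of these ignores lapse together. Worth recording who re-assesses them before that date, so the choice is not between a wall of scan failures and a bulk extension of the expiry.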