
ci(security): resolve security alerts (backport #12466) #12496

bartsmykla
Contributor

Scorecard has some security alerts that need to be addressed.

  • Pinned git commit hashes for scripts sourced from GitHub repositories in `mk/dependencies/*.sh` scripts.
  • Pinned hashes for some GitHub Actions.
  • Added comments to cron schedules for CodeQL and Scorecard GitHub Actions.
  • Removed unnecessary `contents: read` permission in the CodeQL GitHub Action.

Changelog: skip


Signed-off-by: Bart Smykla <[email protected]>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
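A check for the two pinning rules the description lists (the Scorecard alerts about unpinned dependencies), as an added example that is not part of this PR or of the Kuma project: it flags `uses:` references in a workflow and raw.githubusercontent.com URLs in a dependency script that point at a tag or branch instead of a full commit SHA. The sample workflow and script are constructed, and the SHAs in them are placeholders, not real commits.

```python
import re

# Only a full 40-hex commit SHA is immutable; tags and branches can move.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# `uses: owner/repo[/path]@ref` in a workflow step (trailing comment ignored).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# raw.githubusercontent.com/<owner>/<repo>/<ref>/<path> in a shell script.
RAW_RE = re.compile(r"https://raw\.githubusercontent\.com/([^/\s]+)/([^/\s]+)/([^/\s]+)/")

# Constructed sample workflow (hypothetical SHA): one action pinned to a
# commit, one to a moving tag, one local action that is out of scope.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
  - uses: ossf/scorecard-action@v2
  - uses: ./.github/actions/local
"""
# Constructed sample dependency script: first URL follows a branch, the
# second is pinned to a (hypothetical) commit SHA.
SAMPLE_SCRIPT = """\
curl -sSL https://raw.githubusercontent.com/example/tool/main/install.sh | sh
curl -sSL https://raw.githubusercontent.com/example/tool/0123456789abcdef0123456789abcdef01234567/install.sh | sh
"""

def find_unpinned_actions(workflow_text):
    """Return (line_no, uses_value) for each third-party action referenced
    by a tag or branch instead of a full commit SHA."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and docker images are not GitHub refs; skip them.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.rpartition("@")
        if not SHA_RE.match(version):
            findings.append((n, ref))
    return findings

def find_unpinned_script_sources(script_text):
    """Return (line_no, ref) for raw GitHub URLs whose ref component is
    a branch or tag rather than a commit SHA."""
    findings = []
    for n, line in enumerate(script_text.splitlines(), 1):
        for _, _, ref in RAW_RE.findall(line):
            if not SHA_RE.match(ref):
                findings.append((n, ref))
    return findings
```

Running both functions over the samples reports the `@v2` action and the `main` branch URL; the SHA-pinned references and the local action pass.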
@bartsmykla bartsmykla enabled auto-merge (squash) January 9, 2025 13:05
@bartsmykla bartsmykla merged commit 5851c82 into kumahq:release-2.6 Jan 9, 2025
16 checks passed