Security issues reported from GH #1281
Labels
area/ipcei
Important Project of Common European Interest
area/security
Security relevant
lifecycle/icebox
Temporarily on hold (will not age; may have dependencies, lack priority, miss feedback, etc.)
Milestone
Comments
This was linked to pull requests on Feb 4, 2025
Can you please give me access?
@maximilianbraun done
related: #1233
This was unlinked from pull requests on Feb 5, 2025
morri-son pushed a commit that referenced this issue on Feb 5, 2025
#### What this PR does / why we need it
#### Which issue(s) this PR fixes
#1281
Description
The Gardener team reported issues with regard to SAST checks on the ocm repo: https://github.tools.sap/kubernetes/compliance-reporting/issues/7731. Since we have GH Advanced Security in place and in addition to that added gosec, we should be safe watching the security alerts in the GH UI, as it displays the results of all scans.
In https://github.com/open-component-model/ocm/security/code-scanning there are issues reported with severity high. Copilot generated proposals for how to fix the issues. All PRs are linked to this issue. Please carefully check the Copilot proposals for correctness.
Check if the alerts are even relevant and not false positives. In case they don't need to be fixed, go to https://github.com/open-component-model/ocm/security/code-scanning, select the alert, use the "Dismiss alert" button in the upper right corner of the UI and select the reason for the dismissal.
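The triage the issue asks for (list the open high-severity code-scanning alerts, check each one, dismiss the false positives with a reason) can also be scripted against the GitHub REST API instead of clicking through the UI. The following is an added example, not code from the issue or from the ocm project. It uses the documented endpoints `GET /repos/{owner}/{repo}/code-scanning/alerts` and `PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}`; reading the token from `GITHUB_TOKEN`, the helper names, and the sample alert payload are assumptions made here for illustration, and the sample alerts are constructed, not real ocm findings.

```python
"""Triage helper for GitHub code-scanning alerts (added example, not ocm code).

Endpoints used (GitHub REST API):
  GET   /repos/{owner}/{repo}/code-scanning/alerts
  PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
Assumption: a token with the security_events scope is in GITHUB_TOKEN.
"""
import json
import os
import urllib.request

OWNER, REPO = "open-component-model", "ocm"
API = "https://api.github.com"

# The dismissal reasons the API accepts; they mirror the "Dismiss alert" drop-down.
VALID_REASONS = {"false positive", "won't fix", "used in tests"}


def _request(method, path, body=None, token=None):
    """Send one authenticated API call and return the decoded JSON response."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(f"{API}{path}", data=data, method=method)
    req.add_header("Accept", "application/vnd.github+json")
    req.add_header("Authorization", f"Bearer {token or os.environ['GITHUB_TOKEN']}")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def fetch_open_alerts(owner=OWNER, repo=REPO, request=_request):
    """Page through every open alert; `request` is injectable for offline use."""
    alerts, page = [], 1
    while True:
        batch = request("GET", f"/repos/{owner}/{repo}/code-scanning/alerts"
                               f"?state=open&per_page=100&page={page}")
        alerts.extend(batch)
        if len(batch) < 100:
            return alerts
        page += 1


def high_severity(alerts):
    """Keep open alerts whose rule carries security_severity_level high or critical.

    Non-security rules (style, maintainability) have no security_severity_level,
    so they drop out here instead of cluttering the review list."""
    return [a for a in alerts
            if a.get("state") == "open"
            and (a.get("rule") or {}).get("security_severity_level") in ("high", "critical")]


def summarize(alert):
    """One-line summary: alert number, scanner, rule id, file:line of the latest hit."""
    loc = (alert.get("most_recent_instance") or {}).get("location") or {}
    return (f"#{alert['number']} [{alert['tool']['name']}] {alert['rule']['id']} "
            f"{loc.get('path', '?')}:{loc.get('start_line', '?')}")


def dismissal_body(reason, comment):
    """Build the PATCH body and refuse reasons the API would reject or empty justifications."""
    if reason not in VALID_REASONS:
        raise ValueError(f"dismissed_reason must be one of {sorted(VALID_REASONS)}")
    if not comment.strip():
        raise ValueError("a dismissal needs a reviewer-readable justification")
    return {"state": "dismissed", "dismissed_reason": reason, "dismissed_comment": comment}


def dismiss_alert(number, reason, comment, owner=OWNER, repo=REPO, request=_request):
    """Dismiss one alert; the justification lands in the alert's audit trail."""
    return request("PATCH", f"/repos/{owner}/{repo}/code-scanning/alerts/{number}",
                   body=dismissal_body(reason, comment))


# Constructed sample payload in the shape the API returns (not real ocm alerts).
SAMPLE_ALERTS = [
    {"number": 1, "state": "open", "tool": {"name": "CodeQL"},
     "rule": {"id": "go/path-injection", "security_severity_level": "high"},
     "most_recent_instance": {"location": {"path": "pkg/x.go", "start_line": 42}}},
    {"number": 2, "state": "open", "tool": {"name": "gosec"},
     "rule": {"id": "G104", "security_severity_level": "medium"},
     "most_recent_instance": {"location": {"path": "pkg/y.go", "start_line": 7}}},
    {"number": 3, "state": "dismissed", "tool": {"name": "CodeQL"},
     "rule": {"id": "go/sql-injection", "security_severity_level": "critical"},
     "most_recent_instance": {"location": {"path": "pkg/z.go", "start_line": 9}}},
]

if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in fetch_open_alerts() for the live repo.
    for alert in high_severity(SAMPLE_ALERTS):
        print(summarize(alert))
```

The point of `dismissal_body` is that a dismissal without a reason and comment is not an audit trail: whoever reads the alert later (or the next compliance report) should see why a high-severity finding was judged a false positive, not just that it was closed.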