From 6fc1b0ee1dd2364640cb4f1e77fdecd78980cd0b Mon Sep 17 00:00:00 2001
From: Ole Herman Schumacher Elgesem
Date: Tue, 12 Sep 2023 14:42:34 +0200
Subject: [PATCH 1/2] SEC-880: Changed timeframe for stale dependabot PRs from 21 to 30 days

See: https://northerntech.atlassian.net/browse/SEC-880
Signed-off-by: Ole Herman Schumacher Elgesem
---
 tom/reports.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tom/reports.py b/tom/reports.py
index a656b3c..c69d2b4 100644
--- a/tom/reports.py
+++ b/tom/reports.py
@@ -30,7 +30,7 @@ def dump(self):
 data["created"] = str(pr.created)
 data["author"] = pr.author
 all.append(data)
- if datetime.datetime.now() - pr.created < datetime.timedelta(days=21):
+ if datetime.datetime.now() - pr.created < datetime.timedelta(days=30):
 continue
 if pr.author == "dependabot[bot]":
 dependabot.append(data)
From eb20529f2bfca0a87f78dfcbc17c9a29e9524036 Mon Sep 17 00:00:00 2001
From: Ole Herman Schumacher Elgesem
Date: Tue, 12 Sep 2023 14:51:01 +0200
Subject: [PATCH 2/2] SEC-881: Excluded mender-test-containers from dependabot report

See: https://northerntech.atlassian.net/browse/SEC-881
Signed-off-by: Ole Herman Schumacher Elgesem
---
 tom/reports.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tom/reports.py b/tom/reports.py
index c69d2b4..89a9d89 100644
--- a/tom/reports.py
+++ b/tom/reports.py
@@ -32,7 +32,10 @@ def dump(self):
 all.append(data)
 if datetime.datetime.now() - pr.created < datetime.timedelta(days=30):
 continue
- if pr.author == "dependabot[bot]":
+ if pr.author == "dependabot[bot]" and not pr.url.startswith(
+ "https://github.com/mendersoftware/mender-test-containers/pull/"
+ ):
+ # TODO - see: https://northerntech.atlassian.net/browse/SEC-881
 dependabot.append(data)
 old.append(data)
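Review bot: The staleness cutoff in `dump` (first patch) is still a bare literal, and the same `continue` sits ahead of the `old.append(data)` call visible in the second patch. Raising it from 21 to 30 days therefore appears to shrink the general stale list too, not only the dependabot one named in the subject. A module-level value such as `STALE_AFTER = datetime.timedelta(days=30)  # policy: SEC-880` would keep the policy in one reviewable place. `datetime.datetime.now()` is naive local time, and whether `pr.created` is naive UTC or local is not visible here, so the comparison may be off by the UTC offset; worth confirming. The body of `dump` starts and ends outside the hunk.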
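Review bot: The exclusion added to the `dependabot[bot]` condition in `dump` (second patch) is a hard-coded URL prefix explained only by a ticket link. Nothing in the code or the report says that this repository's dependency-update PRs are no longer tracked as stale. The comment should give the reason and the condition for removing the exclusion, and the prefix could move to a module-level tuple, e.g. `DEPENDABOT_REPORT_EXCLUDED = ("https://github.com/mendersoftware/mender-test-containers/pull/",)`, checked with `pr.url.startswith(DEPENDABOT_REPORT_EXCLUDED)`. Indentation is lost on this page, so it is unclear whether excluded PRs still reach `old.append(data)`; if they do not, they drop out of both lists. The body of `dump` starts outside the hunk.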