Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: add zap scan #4569

Closed
wants to merge 24 commits into from
Closed

chore: add zap scan #4569

wants to merge 24 commits into from

Conversation

drewbo
Copy link
Contributor

@drewbo drewbo commented Aug 7, 2024
edited
Loading

Changes proposed in this pull request:

  • Adds ZAP scanning for core/admin/queues
  • Uploads the results to S3

security considerations

This adds an admin test user to the database to scan sites, it is removed after scanning.

@drewbo drewbo force-pushed the chore-add-zap-scan branch 5 times, most recently from ba04674 to 956b3cc Compare August 7, 2024 15:18
@drewbo drewbo force-pushed the chore-add-zap-scan branch 2 times, most recently from 83e0f72 to 7a73239 Compare August 7, 2024 15:59
@drewbo drewbo requested a review from a team August 21, 2024 15:57
apburnes
apburnes reviewed Aug 21, 2024
View reviewed changes
Copy link
Contributor

@apburnes apburnes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few questions but this is a great addition to our process. Many hours per month will be saved for better use. 🏆

scripts/create-test-users.js Outdated
@@ -4,7 +4,7 @@ const factory = require('../test/api/support/factory');
const { authenticatedSession } = require('../e2e/auth-session');

async function createUsers() {
const user = await factory.user({ username: 'test-e2e-user' });
const user = await factory.user({ username: process.env.PAGES_TEST_USER || 'generic-test-user' });
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to update this user to belong to an org? Manage an org?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't really have standardized fixture data for them to test against but having them in an org could be okay

scripts/count-yaml.sh Outdated Show resolved Hide resolved
ci/pipeline.yml Show resolved Hide resolved
@drewbo
Copy link
Contributor Author

drewbo commented Oct 25, 2024

Issues running this on admin/queues SPAs, closing for now

@drewbo drewbo closed this Oct 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apburnes apburnes apburnes left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@drewbo @apburnes