Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added centralized config utilization in Audit for CI Next #146

Merged
merged 27 commits into from
Sep 4, 2024
Merged

Added centralized config utilization in Audit for CI Next #146

merged 27 commits into from
Sep 4, 2024

Conversation

eranturgeman
Copy link
Contributor

@eranturgeman eranturgeman commented Aug 15, 2024
edited
Loading

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

IMPORTANT NOTE: This new capability is currently intended for use by JFrog internal processes ONLY! It will not be supported for customers until the official release!

This PR contain the following changes:

  1. Utilization of ConfigProfile, if exists, in order to resolve which scans to perform. This addition meant to be used by CI Next ONLY, and is currently support Secrets and Sast scanners ONLY.
    If a Config profile exists it takes priority over definitions in jfrog-apps-config, but, it takes lower prioritization if flags/env variables were provided from CLI while running 'jf audit' (although 'jf audit' is not meant to use this feature yet).
  2. Adjustments to ErrorReport service to align with the two other existing xsc services in this repo

related PR: jfrog/jfrog-client-go#1002

@eranturgeman eranturgeman added the ignore for release Automatically generated release notes label Aug 15, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Aug 18, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 18, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Aug 19, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 19, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Aug 19, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 19, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Aug 19, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 19, 2024
@eranturgeman
Merge branch 'dev' of https://github.com/jfrog/jfrog-cli-security int…
4485a3f 
…o centralized-config-implementation

# Conflicts:
#	utils/xsc/xscmanager.go
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Aug 19, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 19, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Aug 19, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 25, 2024
attiasas
attiasas reviewed Aug 26, 2024
View reviewed changes
Copy link
Contributor

@attiasas attiasas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!, take a look at my comments

commands/audit/scarunner.go Outdated Show resolved Hide resolved
jas/runner/jasrunner.go Outdated Show resolved Hide resolved
jas/runner/jasrunner.go Show resolved Hide resolved
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Sep 1, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 1, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Sep 2, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 2, 2024
attiasas
attiasas reviewed Sep 3, 2024
View reviewed changes
commands/audit/audit_test.go Outdated Show resolved Hide resolved
commands/audit/audit_test.go Outdated Show resolved Hide resolved
commands/audit/audit_test.go Outdated Show resolved Hide resolved
commands/audit/audit_test.go Outdated Show resolved Hide resolved
commands/audit/scarunner.go Outdated Show resolved Hide resolved
utils/test_mocks.go Outdated Show resolved Hide resolved
utils/test_mocks.go Outdated Show resolved Hide resolved
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 4, 2024

👍 Frogbot scanned this pull request and did not find any new security issues.

@eranturgeman eranturgeman merged commit e2976fb into jfrog:dev Sep 4, 2024
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@attiasas attiasas attiasas approved these changes

Assignees
No one assigned
Labels
ignore for release Automatically generated release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eranturgeman @attiasas