Linting and Security Scans #309
Merged: GA-XavierGonzalez merged 67 commits into develop from CICDE-408-modify-existing-scans-to-git-hub-actions on Jan 16, 2026.
Commits (the file changes below are shown from 10 of the 67 commits)
All 67 commits are by GA-XavierGonzalez:

- 010b333 added gitleaks action for testing
- 17fadeb added GL license arg
- b550864 added minimal ruff step
- cdfd093 added bandit step
- 5201922 yml fmt
- 593d5c2 Merge branch 'develop' into CICDE-408-modify-existing-scans-to-git-hu…
- fa87c8d added fake secret to test gitleaks
- dc30e25 added fake secret to test gitleaks
- ff16650 introduced more issues for testing
- f689034 testing ruff
- e49b75f ruff output format
- 1fed60e added fake aws token
- 619e408 switched gitleaks to full scan mode. Will continue to flag detected s…
- 7be947a troubleshooting gitleaks issue
- e1afe20 added permissions to gitleaks step
- 4eb79c8 testing gitleaks with proper permissions
- b663f90 yml fmt
- 4b33d2b added workflow dispatch to trivy, modified gitleaks
- fd4f0a2 removed test secrets
- 2435cc1 added push and pr invocations for vuln scanner
- 7204081 updated trivy action
- 5487385 removed cron from scanner job
- 650faec added action permissions to scanner
- fcf4d9f removed push invocation from linters
- b57f5f9 testing dev environment
- 7eda19f added push invocation to ruff
- 5a69ec4 added reference to ECR for image
- 381f952 removed ruff from dev env, reinstated push invoke to gitleaks
- d2b453a updated aws cred action version
- 7f698f4 removed push invocation from linters
- d73834a added ID permissions to vuln scanner
- c2c488d format
- 59ad852 reverted changes to vuln scan and sandbox push
- 68bd8fa testing trivy on locally built image
- 88680f2 clear disk space AFTER trivy
- d922ff3 added disk clear step. Added readme notes
- 16e541e specified vuln scan to speed up trivy, increased timeout to 15m
- 527d5d7 specified vuln scan to speed up trivy, increased timeout to 15m
- b81b68a github output format for trivy
- c91c954 sarif output with upload permissions for trivy
- a8880cf removed unneeded permissions block
- dba2eab trivy continue on error
- 47c6df0 trivy set to critical only. python linters combined
- f512bb6 yml fmt, removed unneeded permission scoping from gitleaks action
- 7bafb78 added push invocation to python linters
- 7051ec7 typo
- c4d0ec8 re-added push invocations
- 15780e7 some formatting, added high cves back into trivy for testing
- 46db3f8 added test bad code
- bf14be6 testing github built-in scanning
- 5cf8c77 enabled all trivy alerts
- 6589aee testing github built-in scanning
- 0ddf4d3 testing github built-in scanning
- bec208f testing github built-in scanning
- c3fefc2 typo in trivy action
- d9e4d6f added push invocation to trivy
- a174f09 reverted invocation for image scanner, specified critical CVE only
- 3b71cda removed test secrets
- ac667aa Merge branch 'develop' into CICDE-408-modify-existing-scans-to-git-hu…
- 74bbc72 refactor
- ad5c5b4 fixed reference to scan-image.yml, docs
- 3e8f0aa turned off scan-image for draft PR
- 1808143 turned off integration-test for draft PR
- 5e4d74c reverted change
- 6226695 only trigger python lint on PR with .py change
- 9955b8b set gitleaks fetch depth to 1. It will NOT scan commit history
- 46bfea0 ignored fake secrets with gitleaks config

Files changed
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| name: Bandit | ||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| analyze: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| # Required for all workflows | ||
| security-events: write | ||
| # Only required for workflows in private repositories | ||
| actions: read | ||
| contents: read | ||
| steps: | ||
| - name: Perform Bandit Analysis | ||
| uses: PyCQA/bandit-action@v1 |
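Review bot: `uses: PyCQA/bandit-action@v1` pins a mutable major-version tag, so the code that runs with this job's `security-events: write` grant (which is what SARIF upload to code scanning needs) can change upstream without any change in this repository; pin it to a full 40-character commit SHA with the tag in a trailing comment and let Dependabot move the pin. Separately, bare `push:` and `pull_request:` with no `branches:` or `paths:` filter runs the scan twice for every commit on every PR branch, whether or not Python changed; the "only trigger python lint on PR with .py change" commit later in this PR is the right direction for this workflow too, e.g. a `paths: ["**.py"]` filter under `pull_request:`.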
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| name: gitleaks | ||
| on: | ||
| pull_request: | ||
| push: | ||
| workflow_dispatch: | ||
| schedule: | ||
| - cron: "0 4 * * *" # run once a day at 4 AM | ||
| jobs: | ||
| scan: | ||
| name: gitleaks | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: gitleaks/gitleaks-action@v2 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} |
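Review bot: the `scan` job declares no `permissions:` block, so the `GITHUB_TOKEN` passed on the `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` line carries the repository's default token permissions rather than the minimum the action needs; add a job-level `permissions:` with `contents: read` and `pull-requests: write` (the write scope only so the action can post the "Gitleaks has detected a secret" comment seen further down this PR), and pin `actions/checkout@v4` and `gitleaks/gitleaks-action@v2` to commit SHAs rather than floating tags. Note also that `fetch-depth: 0` is what gives the action the history it scans on `push` and `pull_request` events; the "set gitleaks fetch depth to 1. It will NOT scan commit history" commit later in this PR turns the daily `schedule:` run (which only ever sees the default branch) into a scan of the checked-out tree alone, so document that trade-off next to the cron line.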
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| name: ruff | ||
| on: | ||
| push: | ||
| pull_request: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| ruff: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.11" | ||
| - run: pip install ruff | ||
| - run: ruff check . |
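Review bot: `- run: pip install ruff` installs whatever ruff version PyPI serves at run time, so lint results drift between runs and a bad or compromised upstream release executes in CI with no change to this repository; pin an exact version (`pip install "ruff==<version>"`, ideally with `--require-hashes` from a lock file) and, for the same reason, pin `actions/checkout@v4` and `actions/setup-python@v5` to commit SHAs. `ruff check .` with the default output also does not surface findings as PR annotations; `ruff check --output-format=github .` does, and the "ruff output format" commit later in this PR revisits this line. As with the other workflows here, `push:` plus `pull_request:` with no `paths:` filter runs the linter twice per PR commit even when no `.py` file changed.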
Comment (gitleaks):

🛑 Gitleaks has detected a secret with rule-id discord-client-secret in commit f689034. If this secret is a true positive, please rotate the secret ASAP. If this secret is a false positive, you can add the fingerprint below to your .gitleaksignore file and commit the change to this branch.