Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[StepSecurity] Apply security best practices #65

Merged
merged 28 commits into from
May 30, 2024
Merged

[StepSecurity] Apply security best practices #65

merged 28 commits into from
May 30, 2024

Conversation

step-security-bot
Copy link
Contributor

Summary

This pull request is created by StepSecurity at the request of @tylertitsworth. Please merge the Pull Request to incorporate the requested changes. Please tag @tylertitsworth on your message if you have any questions related to the PR.

Security Fixes

Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit.

Harden Runner

Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access.

Harden runner usage

You can find link to view insights and policy recommendation in the build log

Please refer to documentation to find more details.

Keeping your actions up to date with Dependabot

With Dependabot version updates, when Dependabot identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).

Feedback

For bug reports, feature requests, and general feedback; please email [email protected]. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot [email protected]

tylertitsworth
tylertitsworth previously approved these changes May 30, 2024
View reviewed changes
tylertitsworth and others added 23 commits May 30, 2024 15:00
@tylertitsworth
Update container-ci.yaml
3d75d2a
@tylertitsworth
Update integration-test.yaml
5a31429
@tylertitsworth
Update container-ci.yaml
92d30c2
@tylertitsworth
Update container-ci.yaml
e0f3e68
@tylertitsworth
Update action.yml
4faa73a
@tylertitsworth
Update container-ci.yaml
408264a
@tylertitsworth
Update docs.yaml
9939dd3
@tylertitsworth
Update gitleaks.yaml
454c3e0
@tylertitsworth
Update dependency-review.yaml
946da4c
@tylertitsworth
Update lint.yaml
94eccf7
@tylertitsworth
Update lint.yaml
1f4a75e
@tylertitsworth
Update integration-test.yaml
7888483
@tylertitsworth
Update container-ci.yaml
32bcb2c
@tylertitsworth
Update action.yml
716c196
@tylertitsworth
Update dependency-review.yaml
d503c32
@tylertitsworth
Update integration-test.yaml
b0a848e
@tylertitsworth
Update dependency-review.yaml
5bb17ef
@tylertitsworth
Update integration-test.yaml
70403bd
@tylertitsworth
Update integration-test.yaml
e941700
Merge branch 'main' into stepsecurity_remediation_1717106086
deeaf73 
Signed-off-by: Tyler Titsworth <[email protected]>
@tylertitsworth
Update chart-ci.yaml
0b16de4
@tylertitsworth
Update chart-ci.yaml
5ac2508
@tylertitsworth
Update gitleaks.yaml
0a5ea42
@tylertitsworth tylertitsworth merged commit 9ea41c5 into intel:main May 30, 2024
0 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tylertitsworth tylertitsworth tylertitsworth left review comments

@jitendra42 jitendra42 Awaiting requested review from jitendra42 jitendra42 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@step-security-bot @tylertitsworth