Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Valentijn to dryrun exempt list #11617

Merged
merged 1 commit into from
Jan 22, 2025
Merged

Add Valentijn to dryrun exempt list #11617

merged 1 commit into from
Jan 22, 2025

Conversation

Maffooch
Copy link
Contributor

[sc-10023]

@dryrunsecurity DryRunSecurity
Copy link

DryRun Security Summary

The pull request updates the .dryrunsecurity.yaml configuration file by adding a new author and defining sensitive code paths, highlighting the importance of monitoring security-critical components of the application.

Expand for full summary

Summary:

This pull request updates the .dryrunsecurity.yaml configuration file by adding a new author, valentijnscholten, to the allowedAuthors section. While this change is not directly related to any security-specific functionality, the more interesting aspect of this pull request is the sensitiveCodepaths section, which lists a number of directories and files that are considered sensitive from a security perspective. These paths include various components of the Dojo application, such as API endpoints, database migrations, and templates, suggesting that the application may handle sensitive information or have security-critical functionality. As an application security engineer, I would recommend closely reviewing any changes to these sensitive code paths to ensure that the security posture of the application is maintained.

Files Changed:

  • .dryrunsecurity.yaml: This file has been updated to add a new author, valentijnscholten, to the allowedAuthors section. Additionally, the sensitiveCodepaths section lists several directories and files that are considered sensitive from a security perspective, including API endpoints, database migrations, and templates. These sensitive code paths should be closely monitored for any changes to ensure the ongoing security of the application.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

View PR in the DryRun Dashboard.

mtesauro
mtesauro approved these changes Jan 22, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro
Copy link
Contributor

@valentijnscholten Just so you know this is happening

valentijnscholten
valentijnscholten approved these changes Jan 22, 2025
View reviewed changes
Copy link
Member

@valentijnscholten valentijnscholten left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved ;-)

@mtesauro
Copy link
Contributor

Approved ;-)

Hey, that's cheating 😄

@Maffooch Maffooch merged commit 6e86d45 into master Jan 22, 2025
73 of 74 checks passed
@Maffooch Maffooch deleted the Maffooch-patch-1 branch January 22, 2025 20:16
Maffooch added a commit that referenced this pull request Jan 24, 2025
@dependabot @paulOsinski @Maffooch
Bump asteval from 1.0.5 to 1.0.6 (#11633)
85e0e46 
* Bump vite from 6.0.7 to 6.0.9 in /docs (#11610)

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.0.7 to 6.0.9.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.0.9/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Pro Release Notes 2.42.2 (#11611)

* update changelog 2.42.2

* add additional 2.42.1 features

---------

Co-authored-by: Paul Osinski <[email protected]>

* Update .dryrunsecurity.yaml (#11617)

* Readme docs - followup PR (#11525)

* follow on to readme update

* remove broken /pricing link

* chg local_settings refs ldap-authentication.md

---------

Co-authored-by: Paul Osinski <[email protected]>

* Bump asteval from 1.0.5 to 1.0.6

Bumps [asteval](https://github.com/lmfit/asteval) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/lmfit/asteval/releases)
- [Commits](lmfit/asteval@1.0.5...1.0.6)

---
updated-dependencies:
- dependency-name: asteval
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hblankenship hblankenship hblankenship approved these changes

@dogboat dogboat dogboat approved these changes

@valentijnscholten valentijnscholten valentijnscholten approved these changes

@mtesauro mtesauro mtesauro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Maffooch @mtesauro @valentijnscholten @dogboat @hblankenship