Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

introduce make target for sast #85

Merged
merged 4 commits into from
Feb 13, 2025
Merged

introduce make target for sast #85

merged 4 commits into from
Feb 13, 2025

Conversation

aaronfern
Copy link
Contributor

@aaronfern aaronfern commented Jan 21, 2025
edited
Loading

What this PR does / why we need it:
This PR does the following

  1. This PR introduces two make targets: sast and sast-report to run gosec for Static Application Security Testing. It uses the default ruleset of gosec from gardener/gardener as introduced in Introduce gosec for Static Application Security Testing (SAST) gardener#9959. It also leverages the install-gosec.sh script present in the MCM repository to install gosec before testing.
  2. Adds make sast-report to the check script

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:
Pending task it to adapt pipeline_definitions to include SAST linting logs in OCM descriptor. This will be taken care of in another PR

Release note:

Added `gosec` for Static Application Security Testing (SAST).

@aaronfern aaronfern requested review from a team as code owners January 21, 2025 12:54
@gardener-robot gardener-robot added needs/review Needs review size/l Size of pull request is large (see gardener-robot robot/bots/size.py) needs/second-opinion Needs second review by someone else labels Jan 21, 2025
@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jan 21, 2025
elankath
elankath reviewed Jan 21, 2025
View reviewed changes
hack/sast.sh
@@ -0,0 +1,43 @@
#!/usr/bin/env bash
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there no better way suggested by gardener other than copying this file ?

elankath
elankath requested changes Jan 21, 2025
View reviewed changes
Copy link
Contributor

@elankath elankath left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

binary file tools/bin/gosec has been checked in by mistake

@gardener-robot gardener-robot added the needs/changes Needs (more) changes label Jan 21, 2025
@gardener-robot gardener-robot added size/s Size of pull request is small (see gardener-robot robot/bots/size.py) and removed size/l Size of pull request is large (see gardener-robot robot/bots/size.py) labels Feb 13, 2025
@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Feb 13, 2025
@aaronfern aaronfern changed the title Update golang/mcm versions, and introduce make target for sast introduce make target for sast Feb 13, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 13, 2025
@gardener-robot-ci-2 gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 13, 2025
@gardener-robot gardener-robot added size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) and removed size/s Size of pull request is small (see gardener-robot robot/bots/size.py) labels Feb 13, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 13, 2025
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 13, 2025
takoverflow
takoverflow reviewed Feb 13, 2025
View reviewed changes
Copy link

@takoverflow takoverflow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: tools.mk and sast.sh are missing newlines at the end, please add. Looks good otherwise.

@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 13, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 13, 2025
@aaronfern aaronfern merged commit 0c72de8 into gardener:master Feb 13, 2025
7 checks passed
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Feb 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elankath elankath elankath requested changes

@takoverflow takoverflow takoverflow approved these changes

Assignees
No one assigned
Labels
needs/changes Needs (more) changes needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/review Needs review needs/second-opinion Needs second review by someone else size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) status/closed Issue is closed (either delivered or triaged)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@aaronfern @elankath @takoverflow @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot