Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BFD-3625: Add gitleaks to build-release #2422

Merged
merged 1 commit into from
Sep 5, 2024
Merged

BFD-3625: Add gitleaks to build-release #2422

merged 1 commit into from
Sep 5, 2024

Conversation

mjburling
Copy link
Member

@mjburling mjburling commented Sep 5, 2024
edited
Loading

JIRA Ticket:
BFD-3625

What Does This PR Do?

This effectively installs gitleaks from the latest gitleaks/gitleaks release archive inside the build-release workflow.

While gitleaks itself is MIT licensed, the official gitleaks action appears to require a free license when executing as part of a GitHub organization. I don't believe this flouts any specific licenses at issues as I've simply implemented a step to download/install the MIT-licensed gitleaks archive–I'd just rather not go through any additional steps to allow gitleaks executions to proceed as part of the build-release workflow.

What Should Reviewers Watch For?

If you're reviewing this PR, please check for these things in particular:

What Security Implications Does This PR Have?

Please indicate if this PR does any of the following:

  • Adds any new software dependencies

  • Modifies any security controls

  • Adds new transmission or storage of data

  • Any other changes that could possibly affect security?

  • I have considered the above security implications as it relates to this PR. (If one or more of the above apply, it cannot be merged without the ISSO or team security engineer's (@sb-benohe) approval.)

Validation

Have you fully verified and tested these changes? Is the acceptance criteria met? Please provide reproducible testing instructions, code snippets, or screenshots as applicable.

I'm running the build-release workflow on the branch that backs this PR– it's already beyond the gitleaks step, but I'll be keeping this in draft until I've removed the automated commits from the history. ✅ Success!

dondevun
dondevun previously approved these changes Sep 5, 2024
View reviewed changes
@dondevun dondevun self-requested a review September 5, 2024 17:04
sb-benohe
sb-benohe previously approved these changes Sep 5, 2024
View reviewed changes
@sb-benohe
Copy link
Collaborator

Security Approved!

@mjburling mjburling dismissed stale reviews from sb-benohe and dondevun via 81c4057 September 5, 2024 17:13
@mjburling mjburling marked this pull request as ready for review September 5, 2024 17:15
@mjburling mjburling enabled auto-merge (squash) September 5, 2024 17:16
@mjburling mjburling merged commit bcb049e into master Sep 5, 2024
15 of 16 checks passed
@mjburling mjburling deleted the bfd-3625 branch September 5, 2024 17:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aschey-forpeople aschey-forpeople aschey-forpeople approved these changes

@dondevun dondevun dondevun approved these changes

@sb-benohe sb-benohe sb-benohe left review comments

@meliGuzman meliGuzman Awaiting requested review from meliGuzman

@malessi malessi Awaiting requested review from malessi malessi is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mjburling @sb-benohe @dondevun @aschey-forpeople