From 2cdd5ec23a7e6880527173f9acceafb30d74561c Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:48:48 +0530 Subject: [PATCH 01/30] sca-scan.yml --- .github/workflows/sca-scan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml index 2de2395..f09161f 100644 --- a/.github/workflows/sca-scan.yml +++ b/.github/workflows/sca-scan.yml @@ -3,13 +3,13 @@ on: pull_request: types: [opened, synchronize, reopened] jobs: - security: + security-sca: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/maven@master + uses: snyk/actions/node@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - args: --fail-on=all + args: --all-projects --fail-on=all From 0a1de7471dfee320cf3adac5e58e409db1fd91ce Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:49:01 +0530 Subject: [PATCH 02/30] jira.yml --- .github/workflows/jira.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index 5ddf87a..caa4bbd 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -3,7 +3,7 @@ on: pull_request: types: [opened] jobs: - security: + security-jira: if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} runs-on: ubuntu-latest steps: @@ -26,3 +26,8 @@ jobs: PR: ${{ github.event.pull_request.html_url }} fields: "${{ secrets.JIRA_FIELDS }}" + - name: Transition issue + uses: atlassian/gajira-transition@v3 + with: + issue: ${{ steps.create.outputs.issue }} + transition: ${{ secrets.JIRA_TRANSITION }} From bbfb55abfbff6ce51db7155cb578c89abcf22ede Mon Sep 17 00:00:00 2001 
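Review bot: `uses: snyk/actions/node@master` (and `actions/checkout@master` two lines above it) references a mutable branch, so the job runs whatever that branch holds at execution time with `SNYK_TOKEN` in its environment; pin each action to a full commit SHA with the release in a trailing comment, e.g. `uses: snyk/actions/node@<commit-sha>  # vX.Y` (placeholder). The project is built with Maven elsewhere in this series (maven.yml and pom.xml in patch 10), so swapping the maven action for the node action looks unintended, and patch 10's sca-scan hunk switches it back while keeping `@master`. The same unpinned `@master` references also appear in the new policy-scan and issues-jira workflows (patches 24 and 25); this note covers those hunks as well.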
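Review bot: `atlassian/gajira-transition@v3` is pinned to a moving major tag while the login and create steps of the same file use `@master`, so the file now mixes two pinning conventions; pin all three to a full commit SHA and note the version in a trailing comment. The new step reads `steps.create.outputs.issue`, whose producing step (`id: create`) lies outside this hunk. Keeping the transition name in `secrets.JIRA_TRANSITION` masks it in the job log, which makes a mistyped transition hard to diagnose; a repository variable read through the `vars` context suits a non-secret setting, e.g. `transition: ${{ vars.JIRA_TRANSITION }}`.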
From: Aravind Kumar Date: Fri, 17 May 2024 20:49:02 +0530 Subject: [PATCH 03/30] sast-scan.yml --- .github/workflows/sast-scan.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/workflows/sast-scan.yml diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml new file mode 100644 index 0000000..3b9521a --- /dev/null +++ b/.github/workflows/sast-scan.yml @@ -0,0 +1,11 @@ +name: SAST Scan +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-sast: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Semgrep Scan + run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto \ No newline at end of file From 377a4d02b883e65d221f4de301fda40ce089c907 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Fri, 17 May 2024 20:49:03 +0530 Subject: [PATCH 04/30] codeql-analysis.yml From 04d28718cd311ac8380ebbb371dcf3bf4c183322 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:09:42 +0530 Subject: [PATCH 05/30] sca-scan.yml From 9cb3f374e14224e43e34718b0880e6e15bd0ac9d Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:09:54 +0530 Subject: [PATCH 06/30] jira.yml --- .github/workflows/jira.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index caa4bbd..250abc7 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -21,7 +21,7 @@ jobs: project: ${{ secrets.JIRA_PROJECT }} issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} summary: | - ${{ github.event.pull_request.title }} + Snyk | Vulnerability | ${{ github.event.repository.name }} | ${{ github.event.pull_request.title }} description: | PR: ${{ github.event.pull_request.html_url }} From 7ee9e672664ef7353be66914ef6a936da0ff871e Mon Sep 17 00:00:00 2001 
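Review bot: The `run:` line mounts the runner's Docker socket (`-v /var/run/docker.sock:/var/run/docker.sock`) into the Semgrep container, which a scan of the checked-out sources does not need and which hands the container control of the host Docker daemon; drop that mount: `run: docker run -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto`. The image is referenced without a tag or digest and `actions/checkout@v2` is an outdated major, so the scan is not reproducible from one run to the next; pin the image by digest and move to a current checkout release. The workflow declares no top-level `permissions:` block, so the job inherits the repository's default `GITHUB_TOKEN` grant although it only reads files; a block with `contents: read` is all it needs, and the same omission applies to the new policy-scan and issues-jira workflows in patches 24 and 25.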
From: Aravind Kumar Date: Mon, 20 Jan 2025 12:09:55 +0530 Subject: [PATCH 07/30] sast-scan.yml From bf077e14bf98e881af3a66d761cff2b2dc967e4d Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:09:56 +0530 Subject: [PATCH 08/30] codeql-analysis.yml From 7c32d329fabbdb50035112d8f635cff6fca57340 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:10:00 +0530 Subject: [PATCH 09/30] Updated codeowners --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 0773923..1be7e0d 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1 @@ -* @contentstack/security-admin \ No newline at end of file +* @contentstack/security-admin From a52eae873f4fe854be4e77665028dbb63503e4b8 Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 11:19:14 +0530 Subject: [PATCH 10/30] fixes --- .github/workflows/codeql-analysis.yml | 12 +++++++- .github/workflows/maven.yml | 9 +++--- .github/workflows/sca-scan.yml | 4 +-- .vscode/settings.json | 3 ++ README.md | 6 +--- SECURITY.md | 27 ++++++++++++++++++ pom.xml | 41 ++++++++++++++++++++------- 7 files changed, 80 insertions(+), 22 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 SECURITY.md diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c82f108..473446a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -14,7 +14,7 @@ name: "CodeQL" on: pull_request: # The branches below must be a subset of the branches above - branches: '*' + branches: [master] jobs: analyze: 
@@ -53,7 +53,17 @@ jobs: # If this step fails, then you should remove it and run the build manually (see below) # - name: Autobuild # uses: github/codeql-action/autobuild@v2 +# Custom build steps for Java + - name: Set up JDK 17 + if: matrix.language == 'java' + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' # You can use 'zulu' or another distribution if needed + - name: Build with Maven + if: matrix.language == 'java' + run: mvn -B package --file pom.xml # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index c8aeb3a..ce769c0 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -15,10 +15,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Set up JDK 1.8 - uses: actions/setup-java@v1 + - uses: actions/checkout@v4 + - name: Set up JDK 17 + uses: actions/setup-java@v3 with: - java-version: 1.8 + java-version: 17 + distribution: 'temurin' - name: Build with Maven run: mvn -B package --file pom.xml diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml index f09161f..2296ece 100644 --- a/.github/workflows/sca-scan.yml +++ b/.github/workflows/sca-scan.yml @@ -8,8 +8,8 @@ jobs: steps: - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/node@master + uses: snyk/actions/maven@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - args: --all-projects --fail-on=all + args: --fail-on=all diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..c5f3f6b --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "java.configuration.updateBuildConfiguration": "interactive" +} \ No newline at end of file diff --git a/README.md b/README.md index bbd1029..88622d3 100644 --- a/README.md 
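Review bot: `run: mvn -B package --file pom.xml` runs the whole test phase inside CodeQL's traced build, which only needs the sources compiled for the database; `run: mvn -B -DskipTests package --file pom.xml` keeps the build complete and shortens the job. The `if: matrix.language == 'java'` guards reference a matrix that is presumably defined earlier in the `analyze` job, outside this hunk, as is the rest of the step list. The comment `# Custom build steps for Java` sits at column 0 inside the `steps:` list; indenting it to the list items keeps the file consistent with the surrounding comments.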
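Review bot: `java-version: 17` is an unquoted integer here while the CodeQL workflow changed in the same commit writes `java-version: '17'`; quote it so the value reaches setup-java as a string and the two workflows agree (a value such as `17.0` would otherwise be read as a float). `actions/checkout@v4` is paired with `actions/setup-java@v3`; the v4 line of setup-java is available and avoids the deprecated Node runtime warning that v3 emits, so bumping both together is the tidier choice. The job header and any later steps are outside this hunk.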
+++ b/README.md @@ -1,6 +1,6 @@ # Contentstack Web Application using Java SDK and Spring Boot -[![Contentstack|Java](https://pbs.twimg.com/profile_images/1266413833091903489/tGyTwTYc_200x200.jpg)](https://www.contentstack.com) +[![Contentstack|Java](https://images.contentstack.io/v3/assets/blt1d5d06b3b390a9b9/blt407a9a1894c64f39/6763ab40197ecab804ce33d7/java.svg)](https://www.contentstack.com/docs/developers/sdks/content-delivery-sdk/java/) ![Java CI with Maven](https://github.com/contentstack/contentstack-java-news-web-app-example/workflows/Java%20CI%20with%20Maven/badge.svg) @@ -93,10 +93,6 @@ Or Open your favorite browser and try calling: http://localhost:8080 [Read Documentation](https://www.contentstack.com/docs/developers/sample-apps/build-a-web-application-using-contentstack-java-sdk-and-spring-boot) -We have hosted our webapp on Herokuapp: - -#### https://contentstack-news.herokuapp.com - ![Screenshot](https://github.com/contentstack/contentstack-java-news-web-app-example/blob/master/screenshot.png?raw=true) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..b7fec84 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,27 @@ +# Security + +Contentstack takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations. + +If you believe you have found a security vulnerability in any Contentstack-owned repository, please report it to us as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues.** + +Send email to [security@contentstack.com](mailto:security@contentstack.com). + +You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. + + Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: + +- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) +- Full paths of source file(s) related to the manifestation of the issue +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if possible) +- Impact of the issue, including how an attacker might exploit the issue + + This information will help us triage your report more quickly. + + [https://www.contentstack.com/trust/](https://www.contentstack.com/trust/) diff --git a/pom.xml b/pom.xml index e5955ab..dc66cef 100644 --- a/pom.xml +++ b/pom.xml 
@@ -11,41 +11,53 @@ org.springframework.boot spring-boot-starter-parent - 3.1.4 + 3.4.0 - 1.8 - 3.1.4 + 17 + 3.4.0 5.2.2 - 1.12.2 + 1.5.13 org.springframework.boot spring-boot-starter-web - ${spring-boot.version} org.springframework.boot spring-boot-starter-freemarker - ${spring-boot.version} org.springframework.boot spring-boot-starter-thymeleaf - ${spring-boot.version} org.springframework.boot spring-boot-starter - ${spring-boot.version} + + + ch.qos.logback + logback-classic + + + + + ch.qos.logback + logback-classic com.contentstack.sdk java - 1.12.2 + 2.0.2 + + + junit + junit + + io.github.cdimascio @@ -54,13 +66,22 @@ + + + + org.jetbrains.kotlin + kotlin-stdlib + 2.1.0 + + + + org.springframework.boot spring-boot-maven-plugin - 3.1.4 From 8895e356b15dc9bd581c326a31a0952e6e473fb8 Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 11:27:17 +0530 Subject: [PATCH 11/30] fix 1 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index dc66cef..cf157a8 100644 --- a/pom.xml +++ b/pom.xml @@ -11,12 +11,12 @@ org.springframework.boot spring-boot-starter-parent - 3.4.0 + 3.4.1 17 - 3.4.0 + 3.4.1 5.2.2 1.5.13 From 74a4f787139ffb669328cc699d3829be7eec4e11 Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 11:30:41 +0530 Subject: [PATCH 12/30] fix 2 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cf157a8..0bdf325 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ com.contentstack.sdk java - 2.0.2 + 2.0.0 junit From 7c435c38bf581206a984eca05720a0a4c3cc45eb Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 11:32:06 +0530 Subject: [PATCH 13/30] fix 3 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0bdf325..799efb5 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ com.contentstack.sdk java - 2.0.0 + 2.0.3 junit 
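Review bot: The hunk pins overridden transitive versions in three different ways — an exclusion of `logback-classic` from `spring-boot-starter` followed by a direct `logback-classic` dependency, a `kotlin-stdlib` `2.1.0` entry in what appears to be `dependencyManagement`, and a `junit` exclusion on the `com.contentstack.sdk` dependency — and none of them carries a comment saying which advisory or conflict it addresses (element tags are stripped in this rendering, so the structure is inferred). One `dependencyManagement` entry per override, each with a comment naming the reason and the parent version at which it can be dropped, is easier to retire once the Spring Boot parent catches up; patches 21 and 22 below already remove the logback override again, which suggests it was not needed. The removal of the explicit `${spring-boot.version}` on the starters is the right direction since the parent manages them.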
From 2e5e9a832566d1b8b91945a04c25987b0484bb70 Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 11:39:41 +0530 Subject: [PATCH 14/30] fix 4 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 799efb5..c2b1f86 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ com.contentstack.sdk java - 2.0.3 + 1.15.0 junit From 2f647332d9da1693288517fe3bfcd855d017f723 Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 11:43:49 +0530 Subject: [PATCH 15/30] fix 5 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c2b1f86..0bdf325 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ com.contentstack.sdk java - 1.15.0 + 2.0.0 junit From 682fb29abbcf5858973381191f9aa8f4c46001c7 Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 11:48:46 +0530 Subject: [PATCH 16/30] fix6 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0bdf325..95b64c1 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ com.contentstack.sdk java - 2.0.0 + 1.14.2 junit From 6f4d866521d7a0ea409426679f63775ed8ef006a Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 11:52:46 +0530 Subject: [PATCH 17/30] fix 7 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 95b64c1..7a4c2b8 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ com.contentstack.sdk java - 1.14.2 + 1.14.0 junit From e8b9a2dad185cb8dea4e5f168531fd66f6efa475 Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 12:00:58 +0530 Subject: [PATCH 18/30] fix 8 --- pom.xml | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 7a4c2b8..9d04cdc 100644 --- a/pom.xml +++ b/pom.xml @@ -51,12 +51,20 @@ com.contentstack.sdk java - 1.14.0 + 2.0.3 junit junit + + com.squareup.okhttp3 + okhttp + + + com.squareup.okio + okio + 
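Review bot: Excluding `okhttp` and `okio` from the `com.contentstack.sdk` dependency and re-adding them as direct dependencies (the versions `4.9.2` and `3.4.0` are in this patch's second hunk) freezes the SDK's HTTP stack at those releases regardless of what a future SDK version was tested against, and nothing records why; add a comment naming the advisory or conflict that forces the override. OkHttp `4.9.2` is an early release of the 4.x line, so if the goal is a patched build, a later 4.x release would be the natural pick — confirm against the SDK's compatibility before pinning. Declaring the two versions under `dependencyManagement` instead of exclusion-plus-direct-dependency gives the same pin with less duplication and leaves the SDK's own declaration intact.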
@@ -64,7 +72,16 @@ java-dotenv ${json-smart.version} - + + com.squareup.okhttp3 + okhttp + 4.9.2 + + + com.squareup.okio + okio + 3.4.0 + From b40521e1f8f890f7cbf5c6c1e34a233a3f029dc1 Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 12:07:51 +0530 Subject: [PATCH 19/30] fix 9 --- pom.xml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pom.xml b/pom.xml index 9d04cdc..ca9134b 100644 --- a/pom.xml +++ b/pom.xml @@ -82,6 +82,11 @@ okio 3.4.0 + + ch.qos.logback + logback-classic + 1.5.11 + @@ -90,6 +95,11 @@ kotlin-stdlib 2.1.0 + + org.apache.tomcat.embed + tomcat-embed-core + 10.1.35 + From 6c836bc0f90696090eef942c0028c25040741afa Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 12:10:15 +0530 Subject: [PATCH 20/30] fix 10 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ca9134b..0afdaa7 100644 --- a/pom.xml +++ b/pom.xml @@ -85,7 +85,7 @@ ch.qos.logback logback-classic - 1.5.11 + 1.5.13 From cc062fc00e79e46f87452f7100dab8ad2919f678 Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 12:32:33 +0530 Subject: [PATCH 21/30] logback removed --- pom.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pom.xml b/pom.xml index 0afdaa7..e44ec06 100644 --- a/pom.xml +++ b/pom.xml @@ -82,11 +82,6 @@ okio 3.4.0 - - ch.qos.logback - logback-classic - 1.5.13 - From 6d896cc2d1898534c25d0d87ffa3fa5a097e217e Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Tue, 1 Apr 2025 12:38:09 +0530 Subject: [PATCH 22/30] fix 11 --- pom.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pom.xml b/pom.xml index e44ec06..0bf1297 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,6 @@ 17 3.4.1 5.2.2 - 1.5.13 @@ -44,10 +43,6 @@ - - ch.qos.logback - logback-classic - com.contentstack.sdk java From 99cde14caee1505652aba7475ed36aae69ea745e Mon Sep 17 00:00:00 2001 
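Review bot: `tomcat-embed-core` `10.1.35` is pinned on its own under `dependencyManagement`, which moves only that artifact while `tomcat-embed-el` and `tomcat-embed-websocket` stay at the parent's version; the Spring Boot parent exposes a `tomcat.version` property that bumps the whole family together, i.e. `<tomcat.version>10.1.35</tomcat.version>` under `<properties>`. The direct `logback-classic` `1.5.11` dependency (bumped to `1.5.13` in patch 20 and removed again in patch 21) would likewise be a `logback.version` property override rather than a second declaration. Both enclosing `dependencies` and `dependencyManagement` elements begin outside this hunk.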
From: reeshika-h Date: Tue, 1 Apr 2025 12:51:52 +0530 Subject: [PATCH 23/30] update JDK requirement to 17 or later in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 88622d3..6562c0f 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ If you want to create your own Spring Boot-based project, visit [Spring Initiali - Any text editor or IDE - - JDK 1.8 or later + - JDK 17 or later - Gradle 4+ or Maven 3.2+ From 7a8250921f6c01dce7e90b7fb25d6f2f06975502 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:37:53 +0530 Subject: [PATCH 24/30] policy-scan.yml --- .github/workflows/policy-scan.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/policy-scan.yml diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml new file mode 100644 index 0000000..13bd362 --- /dev/null +++ b/.github/workflows/policy-scan.yml @@ -0,0 +1,27 @@ +name: Checks the security policy and configurations +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-policy: + if: github.event.repository.visibility == 'public' + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - uses: actions/checkout@master + - name: Checks for SECURITY.md policy file + run: | + if ! [[ -f "SECURITY.md" || -f ".github/SECURITY.md" ]]; then exit 1; fi + security-license: + if: github.event.repository.visibility == 'public' + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - uses: actions/checkout@master + - name: Checks for License file + run: | + if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi \ No newline at end of file From 2b6674c76f48c210ca154e04a263a780f8dfe5e6 Mon Sep 17 00:00:00 2001 
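Review bot: The `SECURITY.md` step exits 1 without printing anything, so a failing run gives no hint which policy file is missing; `echo "No SECURITY.md found at the repository root or under .github/"; exit 1` inside the `if` makes the failure self-explanatory, matching the message the license check gains in patch 30. Both jobs use `actions/checkout@master` (see the pinning note on patch 01) and neither the workflow nor the jobs declare `permissions:`, although the steps only test for file presence. The `if: github.event.repository.visibility == 'public'` guard is repeated verbatim on both jobs; a short comment on why the checks are limited to public repositories would help the next maintainer.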
From: Aravind Kumar Date: Wed, 16 Apr 2025 10:38:03 +0530 Subject: [PATCH 25/30] issues-jira.yml --- .github/workflows/issues-jira.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/issues-jira.yml diff --git a/.github/workflows/issues-jira.yml b/.github/workflows/issues-jira.yml new file mode 100644 index 0000000..7bf0469 --- /dev/null +++ b/.github/workflows/issues-jira.yml @@ -0,0 +1,31 @@ +name: Create Jira Ticket for Github Issue + +on: + issues: + types: [opened] + +jobs: + issue-jira: + runs-on: ubuntu-latest + steps: + + - name: Login to Jira + uses: atlassian/gajira-login@master + env: + JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} + JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} + JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} + + - name: Create Jira Issue + id: create_jira + uses: atlassian/gajira-create@master + with: + project: ${{ secrets.JIRA_PROJECT }} + issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} + summary: Github | Issue | ${{ github.event.repository.name }} | ${{ github.event.issue.title }} + description: | + *GitHub Issue:* ${{ github.event.issue.html_url }} + + *Description:* + ${{ github.event.issue.body }} + fields: "${{ secrets.ISSUES_JIRA_FIELDS }}" \ No newline at end of file From 832c29ea551cd63acf752e73d586694141e26427 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:38:04 +0530 Subject: [PATCH 26/30] Delete jira.yml --- .github/workflows/jira.yml | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 .github/workflows/jira.yml diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml deleted file mode 100644 index 250abc7..0000000 --- a/.github/workflows/jira.yml +++ /dev/null 
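Review bot: The workflow fires on every `issues: opened` event and unconditionally creates a Jira ticket from `github.event.issue.title` and `github.event.issue.body`, so any account able to open an issue on a public repository can create Jira issues carrying arbitrary text; gating the job on `github.event.issue.author_association` or on a triage label before the `Create Jira Issue` step keeps the tracker under the team's control. The interpolations sit in `with:` inputs rather than a `run:` script, so they are not a shell-injection path — the concern is untrusted content forwarded to Jira, not command execution. Both atlassian actions are on `@master` (see the pinning note on patch 01) and no `permissions:` block is declared, although the job never touches repository contents.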
@@ -1,33 +0,0 @@ -name: Create JIRA ISSUE -on: - pull_request: - types: [opened] -jobs: - security-jira: - if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Login into JIRA - uses: atlassian/gajira-login@master - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - name: Create a JIRA Issue - id: create - uses: atlassian/gajira-create@master - with: - project: ${{ secrets.JIRA_PROJECT }} - issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} - summary: | - Snyk | Vulnerability | ${{ github.event.repository.name }} | ${{ github.event.pull_request.title }} - description: | - PR: ${{ github.event.pull_request.html_url }} - - fields: "${{ secrets.JIRA_FIELDS }}" - - name: Transition issue - uses: atlassian/gajira-transition@v3 - with: - issue: ${{ steps.create.outputs.issue }} - transition: ${{ secrets.JIRA_TRANSITION }} From 0fa77fec99afc130e82f9fe5b2048b68e3353a14 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:38:04 +0530 Subject: [PATCH 27/30] Delete sast-scan.yml --- .github/workflows/sast-scan.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 .github/workflows/sast-scan.yml diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml deleted file mode 100644 index 3b9521a..0000000 --- a/.github/workflows/sast-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: SAST Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security-sast: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Semgrep Scan - run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto \ No newline at end of file 
From 1595a8e1e717372bc4d9d81495f7340c68f2d54e Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:38:06 +0530 Subject: [PATCH 28/30] codeql-analysis.yml From 164855a4c7b24e45090fe74e769f9eff530d5784 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:38:09 +0530 Subject: [PATCH 29/30] Updated codeowners From 72b5be025b69d2edd8ccf16eb73cf7e7f88c6744 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 23 Apr 2025 21:37:18 +0530 Subject: [PATCH 30/30] policy-scan.yml --- .github/workflows/policy-scan.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml index 13bd362..ff25923 100644 --- a/.github/workflows/policy-scan.yml +++ b/.github/workflows/policy-scan.yml @@ -24,4 +24,23 @@ jobs: - uses: actions/checkout@master - name: Checks for License file run: | - if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi \ No newline at end of file + expected_license_files=("LICENSE" "LICENSE.txt" "LICENSE.md" "License.txt") + license_file_found=false + current_year=$(date +"%Y") + + for license_file in "${expected_license_files[@]}"; do + if [ -f "$license_file" ]; then + license_file_found=true + # check the license file for the current year, if not exists, exit with error + if ! grep -q "$current_year" "$license_file"; then + echo "License file $license_file does not contain the current year." + exit 2 + fi + break + fi + done + + if [ "$license_file_found" = false ]; then + echo "No license file found. Please add a license file to the repository." + exit 1 + fi \ No newline at end of file
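Review bot: `grep -q "$current_year" "$license_file"` makes the job fail on 1 January of every year until someone edits the license, and the unanchored four-digit pattern also matches coincidental digit runs; if policy really requires the current year, anchor the match (`grep -qE "(^|[^0-9])$current_year([^0-9]|$)"`) and say so in the error text, otherwise drop the year test and keep the presence check. The loop `break`s after the first candidate, so with several license files only one is inspected — acceptable, but worth a comment. The meaning of `exit 2` versus `exit 1` is not recorded anywhere; a one-line comment above each exit naming the condition it signals would let callers distinguish the two outcomes.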