ceph-csi

mirrors/ceph-csi

Fork 0

mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-10 00:10:20 +00:00

Commit Graph

Author	SHA1	Message	Date
StepSecurity Bot	56d08e1b4d	ci: Harden GitHub Actions Update GitHub actions to use full length commit ids for third-party actions to reduce security risk in case of vulnerabilities. Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Nikhil-Ladha <nikhilladha1999@gmail.com>	2024-09-19 11:00:39 +00:00
Niels de Vos	cde5048dd2	ci: pass the correct account token for Snyk jobs The secret in the project settings has a typo and is called `SYNK_TOKEN` instead of `SNYK_TOKEN`. Changing the name of the secret does not seem to be trivial; it needs to be deleted and re-created, which requires obtaining a new token, somehow. Adopting the name with the typo in the GitHub Workflow is easier. Signed-off-by: Niels de Vos <ndevos@ibm.com>	2024-08-27 09:58:24 +00:00
Madhu Rajanna	6b3665b80c	ci: add snyk scanning adding snyk github action to run when a PR is merged to the release branch or when a new release is done. Run snyk weekly on the devel branch. This will help us to track the security scanning results and fix if anything is required and also it serves as a placeholder for security scanning result for a while. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>	2023-11-16 05:23:19 +00:00

Author

SHA1

Message

Date

StepSecurity Bot

56d08e1b4d

ci: Harden GitHub Actions

Update GitHub actions to use full length commit ids for
third-party actions to reduce security risk in case of vulnerabilities.

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Nikhil-Ladha <nikhilladha1999@gmail.com>

2024-09-19 11:00:39 +00:00

Niels de Vos

cde5048dd2

ci: pass the correct account token for Snyk jobs

The secret in the project settings has a typo and is called `SYNK_TOKEN`
instead of `SNYK_TOKEN`. Changing the name of the secret does not seem
to be trivial; it needs to be deleted and re-created, which requires
obtaining a new token, somehow. Adopting the name with the typo in the
GitHub Workflow is easier.

Signed-off-by: Niels de Vos <ndevos@ibm.com>

2024-08-27 09:58:24 +00:00

Madhu Rajanna

6b3665b80c

ci: add snyk scanning

adding snyk github action to
run when a PR is merged to the release
branch or when a new release is done.
Run snyk weekly on the devel branch.
This will help us to track the security
scanning results and fix if anything is
required and also it serves as a placeholder
for security scanning result for a while.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>

2023-11-16 05:23:19 +00:00

3 Commits