Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Record SARIF results after security commands to upload for GitHub #138

Merged
merged 38 commits into from
Sep 4, 2024

Conversation

attiasas
Copy link
Contributor

@attiasas attiasas commented Aug 8, 2024

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

Depends on:

Record SARIF results after security commands to upload for GitHub

Supported commands: docker scan and scan

When running one of those commands using https://github.com/jfrog/setup-jfrog-cli, the command will record the results in SARIF format and be uploaded to the GitHub Security tab if applicable.

image

Additional Improvements:

  • Patch to SARIF content to pass Github Ingestion Rules and to add additional context to the attributes
  • Job Summary - if docker image tag was not provided to jf docker scan <image> save record arg as <image>:latest
  • Job Summary - pad curation summary details tag with \n at the end to fix section

To Support uploading results from the CLI directly to GitHub Code scanning, transferring code from:
https://github.com/jfrog/frogbot/blob/master/utils/utils.go#L241

@attiasas attiasas added improvement Automatically generated release notes safe to test Approve running integration tests on a pull request labels Aug 8, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 8, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Aug 14, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 14, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Aug 15, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 15, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Aug 18, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 18, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Aug 18, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 18, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Sep 4, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 4, 2024
Copy link

github-actions bot commented Sep 4, 2024

👍 Frogbot scanned this pull request and did not find any new security issues.


@attiasas attiasas merged commit 64585a6 into jfrog:dev Sep 4, 2024
8 of 9 checks passed
@attiasas attiasas deleted the dockerscan_sarif_imp branch September 4, 2024 14:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
new feature Automatically generated release notes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants