Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add workflow for dependency-track #3170

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: add workflow for dependency-track #3170

wants to merge 1 commit into from
+49 −0

Conversation

martinakraus
Copy link

@martinakraus martinakraus commented Dec 19, 2024
edited by jira bot
Loading

Implements SEC-60

Key features

  1. Integration of Static Analysis Security Scanning Tool: Dependency Track: https://dtrack.security.dhis2.org/projects
  2. Running every night so it won't bother Developers

Description

Dependency Track will scan the created SBOM and analyze for CVEs and open vulnerabilities.
Those reports will be evaluated by the security team and will be brought back to the dev teams if something crucial pops up

@martinakraus
Copy link
Author

martinakraus commented Dec 19, 2024
edited
Loading

Ready for Review

@martinakraus martinakraus self-assigned this Dec 19, 2024
@dhis2-bot
Copy link
Contributor

dhis2-bot commented Dec 19, 2024
edited
Loading

🚀 Deployed on https://pr-3170.dashboard.netlify.dhis2.org

@dhis2-bot dhis2-bot temporarily deployed to netlify December 19, 2024 09:49 Inactive
@martinakraus martinakraus force-pushed the feat/integrate-dependecy-track branch from ffc38d2 to f657011 Compare December 19, 2024 10:11
@dhis2-bot dhis2-bot temporarily deployed to netlify December 19, 2024 10:13 Inactive
@martinakraus martinakraus force-pushed the feat/integrate-dependecy-track branch from f657011 to 21f5098 Compare December 19, 2024 10:52
@martinakraus martinakraus marked this pull request as draft December 19, 2024 11:07
@martinakraus martinakraus force-pushed the feat/integrate-dependecy-track branch 2 times, most recently from f01e791 to 29befe4 Compare December 19, 2024 11:14
@dhis2-bot dhis2-bot temporarily deployed to netlify December 19, 2024 11:16 Inactive
@martinakraus martinakraus force-pushed the feat/integrate-dependecy-track branch 2 times, most recently from 434a178 to 38bc511 Compare December 19, 2024 11:26
@dhis2-bot dhis2-bot temporarily deployed to netlify December 19, 2024 11:28 Inactive
@martinakraus martinakraus force-pushed the feat/integrate-dependecy-track branch from 38bc511 to f4a4112 Compare December 19, 2024 12:28
@dhis2-bot dhis2-bot temporarily deployed to netlify December 19, 2024 12:30 Inactive
@martinakraus martinakraus force-pushed the feat/integrate-dependecy-track branch from f4a4112 to 44143ef Compare December 19, 2024 12:51
@dhis2-bot dhis2-bot temporarily deployed to netlify December 19, 2024 12:53 Inactive
@martinakraus martinakraus force-pushed the feat/integrate-dependecy-track branch from 44143ef to d21d5cf Compare December 19, 2024 12:59
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dhis2-bot dhis2-bot temporarily deployed to netlify December 19, 2024 13:01 Inactive
@martinakraus martinakraus marked this pull request as ready for review December 19, 2024 13:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jenniferarnesen jenniferarnesen Awaiting requested review from jenniferarnesen

At least 1 approving review is required to merge this pull request.

Assignees

@martinakraus martinakraus

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@martinakraus @dhis2-bot