Skip to content

Create snyk-scan.yml#397

Merged
jlind23 merged 3 commits intomainfrom
jlind23/Snyk-setup
May 10, 2022
Merged

Create snyk-scan.yml#397
jlind23 merged 3 commits intomainfrom
jlind23/Snyk-setup

Conversation

@jlind23
Copy link
Copy Markdown
Contributor

@jlind23 jlind23 commented May 2, 2022
edited
Loading

Snyk github action will perform the tests and then results will be pushed to the Github security tab: https://github.com/elastic/elastic-agent/security

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented May 2, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-05-02T14:28:41.395+0000

  • Duration: 17 min 58 sec

Test stats 🧪

Test Results
Failed 0
Passed 3849
Skipped 21
Total 3870

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages.

  • run integration tests : Run the Elastic Agent Integration tests.

  • run end-to-end tests : Generate the packages and run the E2E Tests.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented May 2, 2022
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 95.652% (66/69) 👍
Files 69.524% (146/210) 👍
Classes 69.194% (292/422) 👍
Methods 52.493% (800/1524) 👍
Lines 38.726% (8596/22197) 👍 0.009
Conditionals 100.0% (0/0) 💚

@mergify mergify bot assigned jlind23 May 2, 2022
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented May 2, 2022

This pull request does not have a backport label. Could you fix it @jlind23? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

@mergify mergify bot added the backport-skip label May 2, 2022
@jlind23 jlind23 marked this pull request as ready for review May 2, 2022 14:34
@jlind23 jlind23 requested a review from a team as a code owner May 2, 2022 14:34
@jlind23 jlind23 requested review from a team, aleksmaus and ph and removed request for a team May 2, 2022 14:34
ph
ph reviewed May 3, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@ph ph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jlind23 This looks to work for me.

Testing /github/workspace...

Organization:      beats
Package manager:   gomodules
Target file:       go.mod
Project name:      github.com/elastic/elastic-agent
Open source:       no
Project path:      /github/workspace
Licenses:          enabled

✔ Tested 556 dependencies for known issues, no vulnerable paths found.

@ph
Copy link
Copy Markdown
Contributor

ph commented May 3, 2022

@jlind23 We really need a better way to keep these things in sync for multiple repositories.

@jlind23
Copy link
Copy Markdown
Contributor Author

jlind23 commented May 4, 2022

@ph agree. @levinebw what would be the best way to setup snyk on multiple repositories without having to update the config in each one individually?

@ph
Copy link
Copy Markdown
Contributor

ph commented May 5, 2022

@jlind23 I think robots might have existing tooling to do just that.

@levinebw
Copy link
Copy Markdown

levinebw commented May 5, 2022

Snyk github action will perform the tests and then results will be pushed to the Github security tab: https://github.com/elastic/elastic-agent/security

@jlind23 are you sure we are at a stage to push the Snky scan results to a public tab?

@levinebw what would be the best way to setup snyk on multiple repositories without having to update the config in each one individually?

I don't know... @jkakavas @thomheymann @jportner may have some thoughts; and/or you can raise a question to support@snyk.io

@jlind23
Copy link
Copy Markdown
Contributor Author

jlind23 commented May 6, 2022

@levinebw AFAIK code scanning alert is not publicly available, am i wrong?

@levinebw
Copy link
Copy Markdown

levinebw commented May 6, 2022

@levinebw AFAIK code scanning alert is not publicly available, am i wrong?

I see some content under the public security tab about the job, https://github.com/elastic/elastic-agent/runs/6258878535?check_suite_focus=true, I suppose you are right, the results are not getting pushed publicly

@jlind23 jlind23 merged commit ce2c92b into main May 10, 2022
v1v added a commit to v1v/elastic-agent that referenced this pull request May 18, 2022
@v1v
Merge branch 'main' of github.com:elastic/elastic-agent into feature/…
df58c6c 
…use-orka

* 'main' of github.com:elastic/elastic-agent: (23 commits)
  [Automation] Update go release version to 1.17.10 (elastic#432)
  [Automation] Update elastic stack version to 8.3.0-4149272f for testing (elastic#435)
  [Automation] Update elastic stack version to 8.3.0-19aba912 for testing (elastic#430)
  Add extra k8s resources in clusterRole (elastic#424)
  [Automation] Update elastic stack version to 8.3.0-8ee1196f for testing (elastic#422)
  [Automation] Update elastic stack version to 8.3.0-53513548 for testing (elastic#421)
  Add tags option during enroll/install (elastic#336)
  validate kubernetes templates in .CI (elastic#417)
  add missing kube-api resources from managed agent manifest (elastic#381)
  Create snyk-scan.yml (elastic#397)
  [Automation] Update elastic stack version to 8.3.0-d380914f for testing (elastic#414)
  [Automation] Update elastic stack version to 8.3.0-5c1ff35f for testing (elastic#413)
  [Automation] Update elastic stack version to 8.3.0-6ba9f710 for testing (elastic#410)
  [Automation] Update elastic stack version to 8.3.0-a1c5cfff for testing (elastic#406)
  [Automation] Update elastic stack version to 8.3.0-7f585873 for testing (elastic#401)
  [Automation] Update elastic stack version to 8.3.0-0b6ea9f2 for testing (elastic#399)
  ci: enable coverage (elastic#377)
  Remove last dependencies on beats repo (elastic#387)
  Remove dependency on libbeat (elastic#344)
  [Automation] Update elastic stack version to 8.3.0-cb2ce38c for testing (elastic#383)
  ...
@jlind23 jlind23 deleted the jlind23/Snyk-setup branch May 4, 2023 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aleksmaus aleksmaus Awaiting requested review from aleksmaus aleksmaus is a code owner automatically assigned from elastic/elastic-agent-control-plane

1 more reviewer

@ph ph ph approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jlind23 jlind23

Labels

backport-skip

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jlind23 @elasticmachine @ph @levinebw