Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local testing #483

Merged
merged 3 commits into from Apr 29, 2024
Merged

Local testing #483

merged 3 commits into from Apr 29, 2024

Conversation

maurafortino
Copy link
Contributor

made updates that were causing app to fail during local testing

@maurafortino maurafortino self-assigned this Apr 22, 2024
@maurafortino maurafortino added this to In progress in XMiDT via automation Apr 22, 2024
@guardrails GuardRails
Copy link

guardrails bot commented Apr 22, 2024
edited

⚠️ We detected 12 security issues in this pull request:

Hard-Coded Secrets (1)
Severity Details Docs
Medium Title: Secret Keyword

caduceus/internal/sink/sinkSender.go

Line 320 in 2f77e36

secret := "placeholderSecret"
📚

More info on how to fix Hard-Coded Secrets in General.

Insecure Network Communication (1)
Severity Details Docs
Medium Title: Insecure SSL/TLS versions allowed

caduceus/internal/sink/sinkWrapper.go

Line 126 in 2f77e36

TLSClientConfig: &tls.Config{InsecureSkipVerify: config.DisableClientHostnameValidation},
📚

More info on how to fix Insecure Network Communication in Go.

Vulnerable Libraries (10)
Severity Details
N/A pkg:golang/github.com/xmidt-org/touchstone@v0.1.2 - no patch available
N/A pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0 - no patch available
N/A pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux@v0.40.0 - no patch available
N/A pkg:golang/go.uber.org/zap@v1.24.0 - no patch available
N/A pkg:golang/github.com/xmidt-org/clortho@v0.0.4 - no patch available
N/A pkg:golang/github.com/go-kit/kit@v0.12.0 - no patch available
N/A pkg:golang/github.com/spf13/viper@v1.16.0 - no patch available
N/A pkg:golang/github.com/stretchr/testify@v1.8.4 - no patch available
N/A pkg:golang/github.com/xmidt-org/ancla@v0.3.11 - no patch available
N/A pkg:golang/github.com/xmidt-org/wrp-go/v3@v3.1.6 - no patch available

More info on how to fix Vulnerable Libraries in Go.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

@maurafortino maurafortino changed the base branch from main to denopink/feat/rewrite April 29, 2024 15:50
denopink
denopink approved these changes Apr 29, 2024
View reviewed changes
Copy link
Contributor

@denopink denopink left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! keep up the great work 🍻

XMiDT automation moved this from In progress to PRs: Approved Apr 29, 2024
@denopink denopink merged commit 1bfc820 into denopink/feat/rewrite Apr 29, 2024
2 of 4 checks passed
XMiDT automation moved this from PRs: Approved to Done Apr 29, 2024
@denopink denopink deleted the local-testing branch April 29, 2024 15:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@denopink denopink denopink approved these changes

Assignees

@maurafortino maurafortino

Labels
bug caduceus-refactor
Projects
XMiDT
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@maurafortino @denopink