APPSECTOOLS-28032 Sec Onboard: Code Analysis Onboarding #6
🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨
By Approving & Merging this PR, you are granting the security service permission to
make changes to your repository. This can include...
You need to Approve & MERGE this pull request to complete onboarding
🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨
Sec Onboard - Code Analysis Onboarding - Pull Request
ℹ️ Please Review, Approve & Merge this Pull request
ℹ️ if needed, set yourself as the Jira Assignee, before merging
Code Analysis Platform
Provides development teams a single interface to connect to static security tool based validations and integrations.
The Code Analysis Platform is a self-serve security tooling platform that will enable developers to find and remediate vulnerabilities early - in the design and development phase.
In other words, we want to shift security to the left and make it easy to adopt.
For more details, see the code analysis platform documentation.
What Changes Will This Pull Request Make
ℹ️ Once Approved & Merged, it can take some time for the webhook & service account changes to be reflected
What This Means for My Code Repository
Once this PR is approved & merged, a code scanning webhook is installed. On each code push, a code scan will be run.
This is NON BLOCKING: the check will always report success, even if vulnerabilities are found.
Developers can review the results returned and fix as needed.
The PR check is NON BLOCKING, code push / PR Merge will not be blocked.
Results of scans are NOT TRACKED and are not reported.
Pull Request will NOT BE BLOCKED no matter the result of the scan.
Used only to inform developers of potential vulnerabilities in their code.
For more details see docs
Sec Onboard Service Information
Accepting & Merging the PRs generated by the Sec Onboard service is essential to ensure your code repository remains aligned with Workday's security standards.
The status of these PRs is tracked. A code repository is considered to be in an insecure state while the PR remains open.
The Sec Onboard Service will NEVER make ANY change to a code repository without first opening a PR and waiting for that PR to be approved & merged (including for actions such as installing/updating a webhook).
For more details on this security service see here
Support
The Sec Onboard Service is owned by the Security Lifecycle Engineering team.
For any issues/questions, please reach out on the #ask_cybersecurity channel.
ℹ️ NOTE: This Pull Request is auto-generated by 'Sec Onboard' service.