
APPSECTOOLS-28032 Sec Onboard: Code Analysis Onboarding #6

Conversation

svc-rat-appsec
Contributor

🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨
By Approving & Merging this PR, you are granting the security service permission to
make changes to your repository. This can include...

  • adding/updating repository file(s)
  • installing/updating webhooks
  • service account access management
  • see the "What Changes Will This Pull Request Make" section below for details

You need to Approve & MERGE this pull request to complete onboarding
🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨

Sec Onboard - Code Analysis Onboarding - Pull Request

ℹ️ Please Review, Approve & Merge this Pull request
ℹ️ if needed, set yourself as the Jira Assignee, before merging

Code Analysis Platform

Provides development teams a single interface to connect to static security tool based validations and integrations.

The Code Analysis Platform is a self-serve security tooling platform that will enable developers to find and remediate vulnerabilities early - in the design and development phase.
In other words, we want to shift security to the left and make it easy to adopt.

For more details on the code analysis platform documentation

What Changes Will This Pull Request Make

  • Add/Update Code Analysis config file (./security_config/security_config.yaml)
  • install Code Analysis webhook (if not already installed)
  • grant Code Analysis service account svc-secapi-appsec access (if not already granted)

ℹ️ Once Approved & Merged, it can take some time for the webhook & service account changes to be reflected

What This Means for My Code Repository

Once this PR is approved & merged, a code scanning webhook is installed. On each code push, a code scan will be run.
This is NON BLOCKING; it will always be successful, even if vulnerabilities are found.

Developers can review the results returned and fix as needed.

The PR check is NON BLOCKING, code push / PR Merge will not be blocked.
Results of scans are NOT TRACKED and are not reported.
Pull Request will NOT BE BLOCKED no matter the result of the scan.

It is used only to inform developers of potential vulnerabilities in their code.

For more details see docs


Sec Onboard Service Information

Accepting & Merging the PRs generated by the Sec Onboard service is essential to ensure your code repository remains aligned with Workday's security standards.
The status of these PRs is tracked; code repositories are considered to be in an insecure state while the PR remains open.

Sec Onboard Service will NEVER make ANY change to a code repository without first opening a PR and waiting for that PR to be approved & merged (including for actions such as installing/updating a webhook)

For more details on this security service see here

Support

Sec Onboard Service is owned by the Security Lifecycle Engineering team.
For any issues/questions please reach out on the #ask_cybersecurity channel.
ℹ️ NOTE: This Pull Request is auto-generated by 'Sec Onboard' service.

@svc-rat-appsec svc-rat-appsec force-pushed the feature/APPSECTOOLS-28032-sec-onboard-code-analysis-onboarding branch from d75d6db to 496ba29 on July 14, 2024 05:48
@svc-rat-appsec svc-rat-appsec force-pushed the feature/APPSECTOOLS-28032-sec-onboard-code-analysis-onboarding branch 2 times, most recently from bb99feb to 46257eb on July 28, 2024 05:21
@svc-rat-appsec svc-rat-appsec force-pushed the feature/APPSECTOOLS-28032-sec-onboard-code-analysis-onboarding branch from 4b2e13b to 8ca43b7 on August 11, 2024 05:09
@svc-rat-appsec svc-rat-appsec force-pushed the feature/APPSECTOOLS-28032-sec-onboard-code-analysis-onboarding branch from 4d531a5 to 5ff8d50 on August 18, 2024 05:16
@svc-rat-appsec svc-rat-appsec force-pushed the feature/APPSECTOOLS-28032-sec-onboard-code-analysis-onboarding branch 2 times, most recently from 50b5fc6 to c3b72d0 on September 1, 2024 05:21
@svc-rat-appsec svc-rat-appsec force-pushed the feature/APPSECTOOLS-28032-sec-onboard-code-analysis-onboarding branch from 110bb18 to 3614f50 on September 9, 2024 05:05
@Birajpjpt Birajpjpt merged commit e5e0ff6 into master Sep 11, 2024
1 check failed
@Birajpjpt Birajpjpt deleted the feature/APPSECTOOLS-28032-sec-onboard-code-analysis-onboarding branch September 11, 2024 11:48