-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update bandit.yml with version bump #2497
Open
reactive-firewall
wants to merge
3
commits into
actions:main
Choose a base branch
from
reactive-firewall:patch-1
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
code-scanning
Related to workflows that show on the Code Scanning setup page
label
Sep 10, 2024
23 tasks
Tagging possible community stakeholders ( i.e. Request for Comment )TL;DR:Regarding which version to pin for
|
Vue-Pu
approved these changes
Oct 31, 2024
reactive-firewall
force-pushed
the
patch-1
branch
from
November 1, 2024 00:33
eb90bf7
to
212025d
Compare
jsoref
reviewed
Nov 1, 2024
ghost
approved these changes
Nov 4, 2024
This was referenced Nov 8, 2024
Vue-Pu
approved these changes
Nov 11, 2024
reactive-firewall
force-pushed
the
patch-1
branch
from
November 26, 2024 04:03
2ac138f
to
c3d6135
Compare
reactive-firewall
added a commit
to reactive-firewall/python-bandit-scan
that referenced
this pull request
Dec 7, 2024
…ity features > [!NOTE] > > Due to the backup, upstream with [actions/starter-workflows#2497](actions/starter-workflows#2497) not yet resolved, this PR will include at-least two minor version bumps: > > * [v2.2](637c5c4) @ [637c5c4](637c5c4) > * [v2.3](f8cf05e) @ [f8cf05e](f8cf05e) ---
mScott224
approved these changes
Dec 8, 2024
Migrate to latest, maintained, version of action. * Maintained action is a fork of the unmaintained previous version. - Versions are still pinnable ( including bug-for-bug compatible `v1.0` ) - Maintained project now utilizes @dependabot to keep sub-dependencies current. - Maintained action is already released on marketplace * Credits both original and maintainer with no change to licensing * Updated to use checkout@v4 already
Two minor changes here: * removed unnecessary whitespace * pined by SHA latest version of python-bandit-scan (v2.1) reactive-firewall@python-bandit-scan@c8b1d56a3964de4e00e7a820dddb38661a4b7566
- removes an un-intended space from the config to fix the syntax. 🙈 Co-authored-by: Josh Soref <[email protected]>
reactive-firewall
force-pushed
the
patch-1
branch
from
December 14, 2024 06:20
c3d6135
to
21c12b0
Compare
Another rebase to keep this current with
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Migrate to latest, maintained, version of bandit code-scanning action.
Noteworthy changes:
v1.0
) - Maintained project now utilizes @dependabot to keep sub-dependencies current.📋 TL;DR - PR Template with checklist from code owners
Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.
Tasks
For all workflows, the workflow:
.yml
file with the language or platform as its filename, in lower, kebab-cased format (for example,docker-image.yml
). Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").GITHUB_TOKEN
so that the workflow runs successfully.For Code Scanning workflows, the workflow:
code-scanning
directory.code-scanning/properties/*.properties.json
file (for example,code-scanning/properties/codeql.properties.json
), with properties set as follows:name
: Name of the Code Scanning integration.creator
: Name of the organization/user producing the Code Scanning integration.PLEASE ADVISE does this need to be changed?
description
: Short description of the Code Scanning integration.categories
: Array of languages supported by the Code Scanning integration.iconName
: Name of the SVG logo representing the Code Scanning integration. This SVG logo must be present in theicons
directory.push
tobranches: [ $default-branch, $protected-branches ]
andpull_request
tobranches: [ $default-branch ]
. We also recommend aschedule
trigger ofcron: $cron-weekly
(for example,codeql.yml
).Some general notes:
actions
organization, or