feat(STONEINTG-1020): make snyk scan all files #1296
LGTM
/retest
Dunno why konflux is unable to pull docker.io/cytopia/yamllint:1.26@sha256:1bf8270a671a2e5f2fea8ac2e80164d627e0c5fa083759862bbde80628f942b2
I've seen this in other PRs as well, we may have hit the docker.io rate limit 😢
@chmeliik how do we fix this? 😢 or do we need to wait till the limit is reset?
I think this will work:
+1, if you're going to do this please do so via ExternalSecrets (like https://github.com/redhat-appstudio/infra-deployments/blob/main/components/konflux-ci/production/redhat-appstudio-tekton-catalog-build-definitions-pull-secret.yaml) Or wait until tomorrow for the build team to come back online
Don't worry. I have no access here 🥲
/retest
Looks like that worked, thanks @chmeliik !
Just for the record, we didn't do anything 😄 The rate limit probably just reset
LGTM
This change's main goal is to make Snyk scan dependencies to meet ProdSec scanning requirements.
It is a breaking change, that's the reason for the newer version of the check itself.
Before you complete this pull request ...
Look for any open pull requests in the repository with the title "e2e-tests update" and
see if there are recent e2e-tests updates that will be applicable to your change.