Skip to content

FEAT [DTECSCSAO-4805] GHAS integration: Code scanning & Dependency review #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sekhara-madduru merged 2 commits into from
Apr 11, 2025
Merged

FEAT [DTECSCSAO-4805] GHAS integration: Code scanning & Dependency review #15

sekhara-madduru merged 2 commits into from
Apr 11, 2025

Conversation

@sekhara-madduru
Copy link
Collaborator

@sekhara-madduru sekhara-madduru commented Feb 13, 2025

JIRA ID | Git Issue

https://paypal.atlassian.net/browse/DTECSCSAO-4805

Change Type

  • Bug fix (is this a backward compatible change?)
  • New feature (is this a backward compatible change?)
  • Breaking change (is this a non-backward compatible change?)
  • DB changes (add scripts in the sql/migrations/{date} folder)

Change Impact

Summary

  • GHAS integration: Adding a workflow action files for Code scanning & Dependency review.

Demo

Notes

The PayPal Product Security Team is replacing Coverity, Black Duck, and Cycode with GitHub Advanced Security (GHAS). This change will affect all PayPal and business unit production repositories on GitHub. GitHub Advanced Security provides three important security scanning capabilities including plaintext secrets detection, software composition analysis (SCA) for open source software (OSS) via Dependabot and Dependency Review, and static code analysis via CodeQL. We’re making this change because contracts for our existing software security tools are expiring and because we heard strong developer feedback in support of GHAS. You can access GHAS by clicking on the “Security” tab in your repository. Please keep an eye on this Security tab and respond to the security findings that appear here and in your Pull Requests (PRs). GHAS is essential to PayPal's Product Security program, ensuring we meet industry standards, regulatory mandates, and our commitment to customer security and trust.

Testing Instructions

  • Monitoring actions logs.
  • Make sure all scans successful and results shown.

@github-actions
Copy link

github-actions bot commented Feb 13, 2025
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
See the Details below.

Scanned Files

  • .github/workflows/security.code-scanning.yml
  • .github/workflows/security.dependency-review.yml

@github-advanced-security
Copy link

github-advanced-security bot commented Feb 13, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

ansonipaypal
ansonipaypal requested changes Mar 18, 2025
View reviewed changes
Copy link
Collaborator

@ansonipaypal ansonipaypal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please fix the failing test case.

@sekhara-madduru
Copy link
Collaborator Author

sekhara-madduru commented Mar 18, 2025

Please fix the failing test case.

This is not our GHAS error, its problem with ruby somewhere.
can you share the POC who can help on this ?

@ansonipaypal
Copy link
Collaborator

ansonipaypal commented Mar 26, 2025

Please fix the failing test case.

This is not our GHAS error, its problem with ruby somewhere. can you share the POC who can help on this ?

Praveen Annepu should be able to help you on this.

@sagargoudt
Copy link

sagargoudt commented Apr 10, 2025

test

@sekhara-madduru sekhara-madduru merged commit 3a1df1b into main Apr 11, 2025
8 checks passed
@sagargoudt sagargoudt mentioned this pull request Apr 11, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lony25 lony25 lony25 approved these changes

@ansonipaypal ansonipaypal ansonipaypal approved these changes

@estrajnik estrajnik Awaiting requested review from estrajnik

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@sekhara-madduru @ansonipaypal @sagargoudt @lony25