F5Networks / f5-ansible-bigip

Declarative Ansible collection for managing F5 BIG-IP/BIG-IQ.

Secrets being distributed and caught by security scans. #77

Closed sean-m-sullivan closed 8 months ago

sean-m-sullivan commented 8 months ago
COMPONENT NAME

The following files are being flagged by security scans:

- RSA Private Key: collections/ansible_collections/f5networks/f5_bigip/tests/modules/network/f5/fixtures/cert1
- Generic High Entropy Secret: collections/ansible_collections/f5networks/f5_bigip/tests/plugins/httpapi/test_bigiq.py

SUMMARY

The above files are being caught by security scans as containing some sensitive information.

Would suggest the following two lines be added to galaxy.yml, which would ensure that future distributions do not include the test files so that the collection isn't flagged by security scans.

```yaml
build_ignore:
  - tests
```

I am not sure how the CLA works between Red Hat and F5, so I decided to make this an issue instead of a PR to avoid any issues surrounding that. This should be a simple fix.
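To confirm that a `build_ignore` of `tests` would actually drop what the scanners flag, the following is an added example (not code from this issue or from the f5-ansible-bigip project). It scans a built collection tarball for the two rule types named above, then applies the ignore list to the findings. The sample tarball, its placeholder file contents, the two detection rules, and the `ignored_by` approximation of how `ansible-galaxy` matches `build_ignore` patterns are all assumptions made for the example.

```python
"""Scan a built Ansible collection tarball for files that secret scanners flag,
and check whether a galaxy.yml build_ignore list would exclude them.

Added example for the issue above; not part of f5-ansible-bigip. The two rules
below are assumed approximations of the "RSA Private Key" and "Generic High
Entropy Secret" checks, and ignored_by() is an assumed approximation of how
ansible-galaxy applies build_ignore patterns (fnmatch on relative paths).
"""
import fnmatch
import io
import math
import re
import tarfile
from collections import Counter

# Rule 1: any PEM private-key header (RSA, EC, OpenSSH or unqualified).
PEM_KEY_RE = re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----")
# Rule 2: quoted literals of 20+ base64/hex-like characters; candidates for the
# entropy check below.
LITERAL_RE = re.compile(rb"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")


def shannon_entropy(data):
    """Bits per byte; random-looking tokens typically score above ~4."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def findings_for(path, content, threshold=4.0):
    """Return (path, rule_name) tuples for a single file's bytes."""
    out = []
    if PEM_KEY_RE.search(content):
        out.append((path, "RSA Private Key"))
    for m in LITERAL_RE.finditer(content):
        if shannon_entropy(m.group(1)) >= threshold:
            out.append((path, "Generic High Entropy Secret"))
            break  # one finding per file is enough for this check
    return out


def scan_tarball(tar_bytes):
    """Scan every regular file in a gzipped collection tarball."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tf:
        for member in tf.getmembers():
            if member.isfile():
                findings.extend(findings_for(member.name, tf.extractfile(member).read()))
    return findings


def ignored_by(build_ignore, rel_path):
    """Assumed approximation of ansible-galaxy build_ignore matching: a pattern
    excludes a file if it fnmatch-es the file's collection-relative path or any
    leading directory of it (so the pattern 'tests' drops the whole tests/ tree)."""
    parts = rel_path.split("/")
    prefixes = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    return any(fnmatch.fnmatch(p, pat) for pat in build_ignore for p in prefixes)


def surviving_findings(tar_bytes, build_ignore):
    """Findings that a build with the given build_ignore would still ship."""
    kept = []
    for path, rule in scan_tarball(tar_bytes):
        rel = path.split("/", 1)[1]  # strip the 'namespace-name' top-level dir
        if not ignored_by(build_ignore, rel):
            kept.append((path, rule))
    return kept


def build_sample_tarball():
    """Constructed sample mirroring the two flagged paths from the issue.
    Contents are placeholders, not real key or token material."""
    files = {
        "f5networks-f5_bigip/galaxy.yml": b"namespace: f5networks\nname: f5_bigip\n",
        "f5networks-f5_bigip/tests/modules/network/f5/fixtures/cert1":
            b"-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA...placeholder...\n"
            b"-----END RSA PRIVATE KEY-----\n",
        "f5networks-f5_bigip/tests/plugins/httpapi/test_bigiq.py":
            b"TOKEN = 'ZGV0ZXJtaW5pc3RpY3Rva2Vuc2FtcGxlMTIz'\n",
        "f5networks-f5_bigip/plugins/module_utils/common.py": b"DEFAULT_PORT = 443\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    tarball = build_sample_tarball()
    for path, rule in scan_tarball(tarball):
        print(f"flagged: {rule}: {path}")
    print("survive build_ignore=['tests']:", surviving_findings(tarball, ["tests"]))
```

Point `scan_tarball` at the artifact that `ansible-galaxy collection build` produces to check a real release the same way; an empty result from `surviving_findings` means the ignore list covers everything the scanner rules would report.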

pgouband commented 8 months ago

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1345.

wojtek0806 commented 8 months ago

changes will be pushed next release

sean-m-sullivan commented 8 months ago

Thanks! This was driving clients' security scanners nuts.

digitalfiend64 commented 8 months ago

> changes will be pushed next release

Thanks for getting the changes pushed out. Do you happen to know what version should we expect this in?