Closed tangowithfoxtrot closed 2 weeks ago
Checkmarx One - Scan Summary & Details - 6eedc32f-9c78-46a5-a277-00c3a6978195
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | Apt Get Install Pin Version Not Defined | /Dockerfile: 9 | When installing a package, its pin version should be defined |
| | Unpinned Actions Full Length Commit SHA | /build-swift.yml: 84 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| | Using Platform Flag with FROM Command | /Dockerfile: 4 | 'FROM' instruction should not use the flag '--platform' |
| Severity | Issue | Source File / Package |
|---|---|---|
| | Apt Get Install Pin Version Not Defined | /Dockerfile: 9 |
| | Unpinned Actions Full Length Commit SHA | /build-swift.yml: 91 |
Is using MUSL on non-Linux an option? I don't think we can.
We tried statically-linking with Clang on macOS, but these libs don't seem to cooperate. As far as I know, we have to dynamically-link them.
Yea that's not going to work. You can't statically link security-framework. Did you try setting minimum macosx-version per https://stackoverflow.com/a/63397340?
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 58.18%. Comparing base (05b2620) to head (d6ce1cf). Report is 6 commits behind head on main.
Thanks, @Hinton. Using `MACOSX_DEPLOYMENT_TARGET` allows us to run on older macOS versions and lets us keep the macOS on `macos-13`.
Objective
The bitwarden-c lib is dynamically-linked with the version of GCC/Clang that is installed on the GitHub runner. Using newer runners will result in errors like this, for those that are running older, but still-supported versions of macOS:
This PR uses `MACOSX_DEPLOYMENT_TARGET` to support older versions of macOS.
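One way to confirm that a build honoured `MACOSX_DEPLOYMENT_TARGET`, as an added example that is not part of this PR or the project's code: read the minimum-OS load command recorded in the produced library and compare it with the oldest macOS release you intend to support. It handles only thin 64-bit little-endian Mach-O files; the names `min_macos_version`, `runs_on` and `sample_image`, and the sample bytes, are constructed for illustration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF       # thin 64-bit Mach-O, little-endian
LC_VERSION_MIN_MACOSX = 0x24   # emitted by older toolchains
LC_BUILD_VERSION = 0x32        # emitted by current toolchains
PLATFORM_MACOS = 1

def decode_version(v):
    """Mach-O packs X.Y.Z into one 32-bit word as xxxx.yy.zz."""
    return (v >> 16, (v >> 8) & 0xFF, v & 0xFF)

def min_macos_version(data):
    """Return the minimum macOS (major, minor, patch) recorded in a thin
    64-bit Mach-O image, or None when no version load command exists."""
    if len(data) < 32:
        raise ValueError("truncated Mach-O header")
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<IiiIIIII", data)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    off, end = 32, 32 + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command table overruns sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_BUILD_VERSION and cmdsize >= 24:
            platform, minos = struct.unpack_from("<II", data, off + 8)
            if platform == PLATFORM_MACOS:
                return decode_version(minos)
        elif cmd == LC_VERSION_MIN_MACOSX and cmdsize >= 16:
            return decode_version(struct.unpack_from("<I", data, off + 8)[0])
        off += cmdsize
    return None

def runs_on(data, oldest_supported):
    """True when the image's recorded minimum is <= oldest_supported ('11.0')."""
    found = min_macos_version(data)
    want = tuple(int(p) for p in oldest_supported.split("."))
    return found is not None and found <= want + (0,) * (3 - len(want))

def sample_image(minos):
    """Constructed arm64 dylib header with one LC_BUILD_VERSION (not a real library)."""
    lc = struct.pack("<6I", LC_BUILD_VERSION, 24, PLATFORM_MACOS, minos, 0x000E0000, 0)
    return struct.pack("<IiiIIIII", MH_MAGIC_64, 0x0100000C, 0, 6, 1, len(lc), 0, 0) + lc
```

In CI, the same check can run over the bytes of the built library as a post-build step, failing the job when `runs_on` returns False for the oldest release the project supports.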