Closed yuval-nahari closed 1 year ago
Security audit, information and commands
The security team is auditing all the hosting requests, to ensure a better security by default.
This message informs you that a security scan was triggered on your repository. It takes ~10 minutes to complete.
/audit-ok
=> the audit is complete, the hosting can continue :tada:./audit-skip
=> the audit is not necessary, the hosting can continue :tada:./audit-required
=> the superficial audit was not sufficient, a deeper look is necessary :mag:./audit-findings
=> the audit reveals some issues that require corrections :pencil2:./request-security-scan
=> the findings from the security scan were corrected, this command will re-scan your repository :mag:./audit-review
=> the findings from the audits were corrected, this command will ping the security team to review the findings :eyes:.
It's only applicable when the previous audit required changes.(automatically generated message, version: 1.16.8)
:x: CodeQL Scan failed. The Security team was notified about this.
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
/request-security-scan
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
<connection>
tag in your <scm>
block in your pom.xml. You can use this sample: <connection>scm:git:https://github.com/jenkinsci/${project.artifactId}-plugin.git</connection>
mend-cloud-native-plugin
) is incorrect, it should be https://github.com/yuval-nahari/mend-cloud-native
('New Repository Name' field with "-plugin" removed)You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
[ASSIST] (previous scan was started on https://github.com/yuval-nahari/mend-cloud-native before it was changed)
The CodeQL Scan did not find anything dangerous with your plugin, congratulations! :tada:
Hello, I looked at the plugin code and I have a few points to correct:
gitHubRepo
property in https://github.com/yuval-nahari/mend-cloud-native-plugin/blob/d239b2f600e4eefaa226ef8c3225519b207a8468/pom.xml#L24-L26jenkins-test-harness-htmlunit
dependency for production code (https://github.com/yuval-nahari/mend-cloud-native-plugin/blob/d239b2f600e4eefaa226ef8c3225519b207a8468/pom.xml#L89). As there is no tests on the plugin, I suspect that to be an error.sample
package name for it. This is probably coming from the skeleton of the archetype and should be removed. Rather, use the artifact Id.ToolInstallation
..mvn
folder within the repository root and add the couple of files: https://github.com/jenkinsci/archetypes/tree/master/common-files/.mvn.github
folder within the repository root and include the following files and subdirectories: https://github.com/jenkinsci/archetypes/tree/master/common-files/.githubURI#toURL
.Hi @alecharp, I've addressed your comments, thanks.
About the CLI download, this download link will be updated to a constant "latest" url that will provide the most up-to-date CLI. Meaning I have to download it to figure out if the CLI changed, and if I'm doing it so it's basically the same.
Thanks for addressing @yuval-nahari
It appears something went wrong while you copied the default files:
${artifactId}
is a placeholder. Replace ${artifactId}
with the artifactId from your pom.xml. The template is obsolete too.Looks good otherwise.
@yuval-nahari
Meaning I have to download it to figure out if the CLI changed, and if I'm doing it so it's basically the same.
Could user want to select a specific version rather than always be on the latest (like for Docker image tag)? This is not really a discussion for this hosting process so you can ignore this.
Fixed - placeholders replaced.
About the template existence - without it I got "template" is required
error in the github action run.
About the template existence - without it I got "template" is required error in the github action run.
That is expected, but can be ignored. Once hosted, release-drafter extends the existing config, which doesn't exist in your repository. My changes recommended can be applied safely.
Hi @alecharp @NotMyFault Do you require anything else for the hosting part?
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
mend-cloud-native-plugin
) is incorrect, it should be mend-cloud-native
('New Repository Name' field with "-plugin" removed)You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
/request-security-scan
The Jenkins Security Scan did not find anything dangerous with your plugin, congratulations! :tada:
:bulb: The Security team recommends that you are setting up the scan in your repository by following our guide.
/hosting re-check
Hello from your friendly Jenkins Hosting Checker
It looks like you have everything in order for your hosting request. A human volunteer will check over things that I am not able to check for (code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.
Hosting team members can host this request with /hosting host
Hello from your friendly Jenkins Hosting Checker
It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.
mend-cloud-native
) is incorrect, it should be mend-cloud-native-security-scanner
('New Repository Name' field with "-plugin" removed)You can re-trigger a check by editing your hosting request or by commenting /hosting re-check
I reworded the repository name to reflect the purpose of the plugin. Please change it in the pom.xml and other spots too.
/hosting re-check
Hello from your friendly Jenkins Hosting Checker
It looks like you have everything in order for your hosting request. A human volunteer will check over things that I am not able to check for (code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.
Hosting team members can host this request with /hosting host
/hosting host
Hosting request complete, the code has been forked into the jenkinsci project on GitHub as https://github.com/jenkinsci/mend-cloud-native-security-scanner-plugin
A Jira component named mend-cloud-native-security-scanner-plugin has also been created with yuval_nahari_mend as the default assignee for issues.
A pull request has been created against the repository permissions updater to setup release permissions. Additional users can be added by modifying the created file.
Please delete your original repository (if there are no other forks), under 'Danger Zone', so that the jenkinsci organization repository is the definitive source for the code. If there are other forks, please contact GitHub support to make the jenkinsci repo the root of the fork network (mention that Jenkins approval was given in support request 569994). Also, please make sure you properly follow the documentation on documenting your plugin so that your plugin is correctly documented.
You will also need to do the following in order to push changes and release your plugin:
In order for your plugin to be built by the Jenkins CI Infrastructure and check pull requests, please add a Jenkinsfile to the root of your repository with the following content: https://github.com/jenkinsci/archetypes/blob/master/common-files/Jenkinsfile
Welcome aboard!
Repository URL
https://github.com/yuval-nahari/mend-cloud-native-plugin
New Repository Name
mend-cloud-native-security-scanner-plugin
Description
This plugin uses Mend CLI tool for scanning container images and detect vulnerabilities and other security risks.
GitHub users to have commit permission
yuval-nahari
Jenkins project users to have release permission
yuval_nahari_mend
Issue tracker
Jira
/hosting re-check