openshift / cluster-api-provider-libvirt

Apache License 2.0

OCPBUGS-25630: Add Snyk file to exclude vendor directory on scan #276

Closed racheljpg closed 9 months ago

racheljpg commented 9 months ago

Hello! This is a PR to add a snyk file to exclude the vendors folder while scanning the repo. Thanks!

openshift-ci-robot commented 9 months ago

@racheljpg: This pull request references Jira Issue OCPBUGS-25630, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

* bug is open, matching expected state (open)
* bug target version (4.16.0) matches configured target version for branch (4.16.0)
* bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @wsun1

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/cluster-api-provider-libvirt/pull/276):

> Hello! This is a PR to add a snyk file to exclude the vendors folder while scanning the repo. Thanks!

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

cfergeau commented 9 months ago

> Hello! This is a PR to add a snyk file to exclude the vendors folder while scanning the repo. Thanks!

Does snyk have a global configuration file to exclude the vendor/ folder from all go projects? Is it really desirable to ignore the vendor/ folder? If code in it has security issues, we want to know about it, check if there's a newer version where it's fixed, ...?

openshift-ci[bot] commented 9 months ago

@racheljpg: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-libvirt | 6c08d49626fd0cbe49a2f36f2ac1f5c9591de304 | link | false | /test e2e-libvirt |

Full PR test history. Your PR dashboard.

praveenkumar commented 9 months ago

/lgtm
/approve

praveenkumar commented 9 months ago

/cherry-pick release-4.15

openshift-cherrypick-robot commented 9 months ago

@praveenkumar: once the present PR merges, I will cherry-pick it on top of release-4.15 in a new PR and assign it to you.

In response to [this](https://github.com/openshift/cluster-api-provider-libvirt/pull/276#issuecomment-1865485071):

> /cherry-pick release-4.15

openshift-ci[bot] commented 9 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: praveenkumar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift/cluster-api-provider-libvirt/blob/master/OWNERS)~~ [praveenkumar]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

openshift-ci-robot commented 9 months ago

@racheljpg: Jira Issue OCPBUGS-25630: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-25630 has been moved to the MODIFIED state.

openshift-cherrypick-robot commented 9 months ago

@praveenkumar: new pull request created: #278

openshift-bot commented 9 months ago

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-libvirt-machine-controllers-container-v4.16.0-202312210731.p0.ged7b2df.assembly.stream for distgit ose-libvirt-machine-controllers. All builds following this will include this PR.