Release v0.1.19

[xopham]

• update: bump mkdocs-material in the pip-packages group (#256)
• update: bump bridgecrewio/checkov-action
• ci: add semgrep workflow
• ci: run semgrep workflow on call
• update: bump docker/login-action in the gh-actions-packages group (#258)
• feat: semgrep appsec platform login
• docs: improve writing and format, fix typos
• ci: adjust semgrep logged in job
• update: semgr8s v0.1.19

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 41421faae14b7e73d06c8b042953d68f4a99bb18.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

.github/workflows/.reusable-sast.yml

Package	Version	License	Issue Type
bridgecrewio/checkov-action	85a668b503d8267b34c43f8d8621f4bae915ce97	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
actions/docker/login-action	0d4c9c5ea7693da7b068278f7b52bda2a190a446	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 4 Found 2/5 approved changesets -- score normalized to 4 Maintained :green_circle: 10 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy :green_circle: 9 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 8 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 8 2 existing vulnerabilities detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
actions/docker/login-action	e92390c5fb421da1463c202d546fed0ec5c39f20	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 4 Found 2/5 approved changesets -- score normalized to 4 Maintained :green_circle: 10 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy :green_circle: 9 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 8 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 8 2 existing vulnerabilities detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
actions/bridgecrewio/checkov-action	85a668b503d8267b34c43f8d8621f4bae915ce97	Unknown	Unknown
actions/bridgecrewio/checkov-action	c2b3a20bd4fa3f05794555151c2e53ccd23c5077	Unknown	Unknown
actions/docker/login-action	0d4c9c5ea7693da7b068278f7b52bda2a190a446	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 4 Found 2/5 approved changesets -- score normalized to 4 Maintained :green_circle: 10 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy :green_circle: 9 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 8 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 8 2 existing vulnerabilities detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
actions/docker/login-action	e92390c5fb421da1463c202d546fed0ec5c39f20	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 4 Found 2/5 approved changesets -- score normalized to 4 Maintained :green_circle: 10 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy :green_circle: 9 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 8 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 8 2 existing vulnerabilities detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
actions/actions/checkout	a5ac7e51b41094c92402da3b24376905380afc29	:green_circle: 7.6	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4
pip/mkdocs-material	9.5.25	:green_circle: 5.3	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Packaging :green_circle: 10 packaging workflow detected Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/mkdocs-material	9.5.24	:green_circle: 5.3	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Packaging :green_circle: 10 packaging workflow detected Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

.github/workflows/.reusable-integration-test.yml

• docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
• docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20

.github/workflows/.reusable-sast.yml

• bridgecrewio/checkov-action@85a668b503d8267b34c43f8d8621f4bae915ce97
• bridgecrewio/checkov-action@c2b3a20bd4fa3f05794555151c2e53ccd23c5077

.github/workflows/.reusable-sca.yml

• docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
• docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20

.github/workflows/semgrep.yml

• actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29

poetry.lock

• mkdocs-material@9.5.25
• mkdocs-material@9.5.24

[github-actions[bot]]

Coverage Report

File	Stmts	Miss	Cover	Missing
semgr8s
__main__.py	16	16	0%	5–29
app.py	78	3	96%	116, 175–176
k8s_api.py	22	2	91%	43–44
updater.py	29	2	93%	49–50
TOTAL	197	23	88%

Tests	Skipped	Failures	Errors	Time
18	0 :zzz:	0 :x:	0 :fire:	2.229s :stopwatch: