dotasek
81fef98013
Bump jackson version (#1515)
* Bump jackson version
* Fix license check
2023-12-07 11:01:23 -05:00
dotasek
5ed1e08e6d
Updates for jdk21 (#1462)
* update byte_buddy and lombok versions
* Update license special cases
2023-10-16 15:51:47 -04:00
Thomas Papke
f05b2f5966
Update to cqframework 2.11 and remove unused common-beanutils declaration (#1419)
2023-09-05 09:08:22 -04:00
dotasek
148fa49213
Approve license
2023-08-23 16:27:04 -04:00
dotasek
d468a61664
License check updates (#1406)
* Add docs and special case comments
* Add special cases
* Add whitelist criteria
* Fill out license whitelists + add more output
* Now that we're passing, do not continue if script returns failure
* Apply workflow to all PRs
2023-08-23 15:51:17 -04:00
dotasek
2681867d2d
Update manual.yml
2023-08-04 16:59:40 -04:00
dotasek
2398dd927c
Update manual.yml (#1385)
2023-08-04 16:53:26 -04:00
dotasek
c1da51e16c
Create manual.yml
2023-08-04 16:51:01 -04:00
dotasek
3361e93bdf
License check action (#1384)
* Add scripts + support docs for license check action
* Switch to genuine bash
2023-08-04 16:29:17 -04:00
dotasek
2654e85df3
Implement private NPM server (#1337)
* WIP start adding NPM data.
* WIP 2 Testing against verdaccio npm
* WIP private npm package servers
* WIP2 add server type config
* WIP3 parse tarball url
* Fix package date parsing, start mocking server tests
* Add dummy package, assert authorization and content
* Add more tests
* Add serverType to settings test
* Ignore tgz files for bidi check
* tighter bidi ignore
* different ignore regex
* Make packageManagement settings, allow ignoring default package servers
* New tests + token authentication
* Manage 404s when configured servers don't have package
2023-07-22 11:01:36 -04:00
dotasek
c2cb2aaa21
Add OWASP dependency check (#1347)
* Add owasp dependency scan
* Add github action to upload results
* Remove unused javalin dependency, also generate html reports
* formats instead of format
* Restore javalin dependency (make revert easier later if necessary)
* Set OWASP to run on PR plus better names for sarif upload
2023-07-14 10:56:40 -04:00
dotasek
a91749760e
Create owasp.yml
2023-07-13 15:45:31 -04:00
dotasek
ca2b26fc3b
Temporarily disable CodeQL ReDoS and overly-large-range (#1344)
* Nudge to allow branch push
* Add codeql config
* Move codeql config around
* Move config file into init step
* Shuffle config-file index
* Change to correct query id
* Shuffle and switch to polynomial-redos
* Ignore both redos queries
* Ignore java/overly-large-range
* Add comment on exclude
2023-07-11 13:42:54 -04:00
dotasek
28bfe9c757
CodeQL coverage (#1298)
* Create codeql.yml
* Try limiting the run to a single module
* Try matrix config
* Use category to prevent overwritten results
* Add remaining modules
* Update codeql.yml
* Update codeql.yml
2023-06-12 15:08:26 -04:00
dotasek
62094071a0
Update trivy.yml
2023-06-08 10:37:47 -04:00
dotasek
2a35adf5d0
Update trivy.yml
2023-06-07 13:55:24 -04:00
dotasek
f05345774d
Trivy vulnerability scan (#1293)
* Create trivy.yml
* Update trivy.yml
* Change scanning config
2023-06-07 13:52:14 -04:00
dotasek
bb9a66551c
Bump bidi checker again
2023-03-31 12:50:04 -04:00
dotasek
0ee7c1d0ce
Bump bidi checker version
2023-03-31 12:15:04 -04:00
dotasek
0353896866
Create bidi-checker.yml
2021-11-24 16:39:41 -05:00