21 Commits

Author SHA1 Message Date
dotasek 461df3031b
Bump jackson-databind (#1600)
* Bump jackson-databind

* Update license whitelist
2024-04-16 13:24:08 -04:00
dotasek 81fef98013
Bump jackson version (#1515)
* Bump jackson version

* Fix license check
2023-12-07 11:01:23 -05:00
dotasek 5ed1e08e6d
Updates for jdk21 (#1462)
* update byte_buddy and lombok versions

* Update license special cases
2023-10-16 15:51:47 -04:00
Thomas Papke f05b2f5966
Update to cqframework 2.11 and remove unused common-beanutils declaration (#1419) 2023-09-05 09:08:22 -04:00
dotasek 148fa49213 Approve license 2023-08-23 16:27:04 -04:00
dotasek d468a61664
License check updates (#1406)
* Add docs and special case comments

* Add special cases

* Add whitelist criteria

* Fill out license whitelists + add more output

* Now that we're passing, do not continue if script returns failure

* Apply workflow to all PRs
2023-08-23 15:51:17 -04:00
dotasek 2681867d2d
Update manual.yml 2023-08-04 16:59:40 -04:00
dotasek 2398dd927c
Update manual.yml (#1385) 2023-08-04 16:53:26 -04:00
dotasek c1da51e16c
Create manual.yml 2023-08-04 16:51:01 -04:00
dotasek 3361e93bdf
License check action (#1384)
* Add scripts + support docs for license check action

* Switch to genuine bash
2023-08-04 16:29:17 -04:00
dotasek 2654e85df3
Implement private NPM server (#1337)
* WIP start adding NPM data.

* WIP 2 Testing against verdaccio npm

* WIP private npm package servers

* WIP2 add server type config

* WIP3 parse tarball url

* Fix package date parsing, start mocking server tests

* Add dummy package, assert authorization and content

* Add more tests

* Add serverType to settings test

* Ignore tgz files for bidi check

* tighter bidi ignore

* different ignore regex

* Make packageManagement settings, allow ignoring default package servers

* New tests + token authentication

* Manage 404s when configured servers don't have package
2023-07-22 11:01:36 -04:00
dotasek c2cb2aaa21
Add OWASP dependency check (#1347)
* Add owasp dependency scan

* Add github action to upload results

* Remove unused javalin dependency, also generate html reports

* formats instead of format

* Restore javalin dependency (make revert easier later if necessary)

* Set OWASP to run on PR plus better names for sarif upload
2023-07-14 10:56:40 -04:00
dotasek a91749760e
Create owasp.yml 2023-07-13 15:45:31 -04:00
dotasek ca2b26fc3b
Temporarily disable CodeQL ReDoS and overly-large-range (#1344)
* Nudge to allow branch push

* Add codeql config

* Move codeql config around

* Move config file into init step

* Shuffle config-file index

* Change to correct query id

* Shuffle and switch to polynomial-redos

* Ignore both redos queries

* Ignore java/overly-large-range

* Add comment on exclude
2023-07-11 13:42:54 -04:00
dotasek 28bfe9c757
CodeQL coverage (#1298)
* Create codeql.yml

* Try limiting the run to a single module

* Try matrix config

* Use category to prevent overwritten results

* Add remaining modules

* Update codeql.yml

* Update codeql.yml
2023-06-12 15:08:26 -04:00
dotasek 62094071a0
Update trivy.yml 2023-06-08 10:37:47 -04:00
dotasek 2a35adf5d0
Update trivy.yml 2023-06-07 13:55:24 -04:00
dotasek f05345774d
Trivy vulnerability scan (#1293)
* Create trivy.yml

* Update trivy.yml

* Change scanning config
2023-06-07 13:52:14 -04:00
dotasek bb9a66551c
Bump bidi checker again 2023-03-31 12:50:04 -04:00
dotasek 0ee7c1d0ce
Bump bidi checker version 2023-03-31 12:15:04 -04:00
dotasek 0353896866
Create bidi-checker.yml 2021-11-24 16:39:41 -05:00