CHANGELOG.md

Changelog

2.0.10 (2025-01-07)

Bug Fixes

  • update code-scan workflow to also check for Semgrep OSS alerts (#66) (18d69fa)

2.0.9 (2025-01-03)

Bug Fixes

  • update pr comment format and print to job summary on schedule event for code & docker scan. (#64) (5e26acc)

2.0.8 (2025-01-02)

Bug Fixes

  • update grype from commit to v6 major release (#62) (aab0ea4)

2.0.7 (2024-12-09)

Bug Fixes

  • update to use ubuntu-24.04 runner (#60) (7706824)

2.0.6 (2024-12-06)

Bug Fixes

2.0.5 (2024-11-07)

Bug Fixes

  • Language detection & errors on dependabot pushes (#54) (1302531)

2.0.4 (2024-11-05)

Bug Fixes

  • os.geten error in docker-scan (b0af179)

2.0.3 (2024-11-04)

Bug Fixes

  • Lots of minor bugs in gha-security (#51) (8d7508d)

2.0.2 (2024-11-01)

Bug Fixes

  • Made it possible to have nullable spec and allowlists. Also enforced allowed reason types (#49) (7d0a912)

2.0.1 (2024-10-16)

Bug Fixes

  • Fixed spec parser and improved debug, warning and error messages (#47) (a4e8eb8)

2.0.0 (2024-10-15)

⚠ BREAKING CHANGES

  • Allowlists for codescan and dockerscan adhere to new schema requirements.
  • Allowlists MUST be located in .entur/security
  • Allowlists have new naming requirements:
      • codescan_config.yml
      • dockerscan_config.yml

Bug Fixes

  • Access token missing in docker scan (2e9730b)
  • Added ARTIFACTORY_AUTH_USER as env variable for autobuild. (0067c73)
  • Allowlists adhere to spec (bee629a)
  • Support artifactory_url from org variables (8ad8833)
  • Support new artifactory token (ae787c4)

1.1.3 (2024-10-15)

Bug Fixes

  • properly access token in docker scan (948927a)

1.1.2 (2024-09-30)

Bug Fixes

  • Path checking in matching-PR (23f663a)

1.1.1 (2024-09-04)

Bug Fixes

  • Fixed issue with downloading artifacts from the wrong workflow run (#36) (12959e7)

1.1.0 (2024-08-19)

Features

1.0.2 (2024-07-10)

Bug Fixes

  • Update code-scan.yml to retrieve 100 open code scanning alerts (0c64b3b)

1.0.1 (2024-07-09)

Bug Fixes

  • fix: (ea805d0)
  • Improve Semgrep scanning configuration in code-scan.yml (0b1ecad)
  • Improve Semgrep scanning configuration in code-scan.yml (353169e)
  • Improve Semgrep scanning configuration in code-scan.yml (227636a)
  • Improve Semgrep scanning configuration in code-scan.yml (86fbaa5)
  • Update code-scan.yml to improve Semgrep scanning configuration (c2ab48e)

1.0.0 (2024-07-08)

⚠ BREAKING CHANGES

  • add scanning for scala

Features

Bug Fixes

  • Add conditional check for repository languages before running codeql-analysis job (a2caaa5)
  • remove unnecessary conditions (712c096)