Skip to content

Appel420 patch 3 #977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Appel420 patch 3 #977

wants to merge 3 commits into from

Conversation

@Appel420
Copy link

@Appel420 Appel420 commented Oct 29, 2025

No description provided.

Appel420 and others added 3 commits October 28, 2025 21:44
@Appel420
Add APIsec scan workflow
8625f9e 
This workflow triggers APIsec scans on push and pull request events for the main branch, and allows manual execution. It includes steps for running the scan and uploading results in SARIF format.
@Appel420 @github-actions
NPM package version bump
03a4836
@Appel420
Add Dependency Review Action workflow
05fb580 
This workflow scans dependency manifest files in pull requests for known vulnerabilities and blocks merging if vulnerable packages are introduced.
Copilot AI review requested due to automatic review settings October 29, 2025 02:11
Copilot AI reviewed Oct 29, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds security scanning workflows to the Ghostery Tracker Database repository and bumps the package version from 1.0.667 to 1.0.668.

  • Added GitHub Actions workflow for dependency review on pull requests
  • Added GitHub Actions workflow for API security scanning using APIsec
  • Updated package version to 1.0.668

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File Description
package.json Bumped version from 1.0.667 to 1.0.668
package-lock.json Updated lockfile to reflect new package version
.github/workflows/dependency-review.yml Added new workflow to scan and review dependencies in pull requests
.github/workflows/apisec-scan.yml Added new workflow for automated API security scanning

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/apisec-scan.yml
# The Password of the APIsec user with which the scans will be executed
apisec-password: ${{ secrets.apisec_password}}
# The name of the project for security scan
apisec-project: "VAmPI"
Copy link

Copilot AI Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The hardcoded project name 'VAmPI' appears to be a placeholder from the APIsec starter template. VAmPI is a vulnerable API example project commonly used for testing. This should be updated to match the actual APIsec project name for the Ghostery Tracker Database, or removed if APIsec scanning is not configured for this repository.

Suggested change
apisec-project: "VAmPI"
# TODO: Replace 'Ghostery Tracker Database' with your actual APIsec project name if different
apisec-project: "Ghostery Tracker Database"

Copilot uses AI. Check for mistakes.
@philipp-classen
Copy link
Member

philipp-classen commented Nov 3, 2025

Closing, since it is unclear what problem this is intending to solve. Thus, I have to consider it spam.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Appel420 @philipp-classen