@Appel420
No description provided.

Appel420 and others added 3 commits October 28, 2025 21:44
This workflow triggers APIsec scans on push and pull request events for the main branch, and allows manual execution. It includes steps for running the scan and uploading results in SARIF format.
This workflow file sets up CodeQL analysis for the repository, defining the languages to be analyzed and the conditions for running the analysis.
Copilot AI review requested due to automatic review settings October 29, 2025 02:12
Copilot AI left a comment

Pull Request Overview

This PR updates the package version from 1.0.667 to 1.0.668 and adds two new GitHub Actions workflow files for security scanning.

  • Version bump in package.json and package-lock.json
  • Addition of CodeQL Advanced workflow for static code analysis
  • Addition of APIsec workflow for API security scanning

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| package.json | Version incremented to 1.0.668 |
| package-lock.json | Lockfile version synchronized with package.json |
| .github/workflows/codeql.yml | New CodeQL Advanced workflow for code security analysis |
| .github/workflows/apisec-scan.yml | New APIsec workflow for API security testing |

# The Password of the APIsec user with which the scans will be executed
apisec-password: ${{ secrets.apisec_password}}
# The name of the project for security scan
apisec-project: "VAmPI"
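Review bot: the credential in `apisec-password: ${{ secrets.apisec_password}}` is read from a repository secret, but the commit message says this workflow runs on pull_request events as well as push; GitHub does not expose repository secrets to workflow runs for pull requests opened from forks, so the scan step will run with an empty password and fail there. Consider limiting the APIsec job to push and workflow_dispatch runs, or skipping the scan step when the secret is not available, so that a failing scan on fork PRs is not mistaken for a finding.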
Copilot AI Oct 29, 2025

The project name 'VAmPI' appears to be a placeholder or example value from the APIsec template. This should be updated to match the actual project name '@ghostery/trackerdb' or the correct APIsec project identifier for this repository.

Suggested change
apisec-project: "VAmPI"
apisec-project: "@ghostery/trackerdb"

# The name of the sarif format result file The file is written only if this property is provided.
sarif-result-file: "apisec-results.sarif"
- name: Import results
uses: github/codeql-action/upload-sarif@v3
Copilot AI Oct 29, 2025

The CodeQL action version is inconsistent between workflows. The codeql.yml file uses @v4 while this file uses @v3. Consider updating to @v4 for consistency and to use the latest version.

Suggested change
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@v4

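A small consistency check for the version drift flagged in the review above, added here as an example (it is not code from the repository, the PR or Copilot): it scans workflow text for `uses:` references and reports any action repository pinned at more than one ref across files. The sample workflow contents are constructed to mirror the two files described in the PR; the APIsec action name in them is a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample workflow contents modelled on the two files described in the
# PR (not the repository's real files); the APIsec action name is a placeholder.
WORKFLOWS = {
    ".github/workflows/codeql.yml": """
jobs:
  analyze:
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v4
      - uses: github/codeql-action/analyze@v4
""",
    ".github/workflows/apisec-scan.yml": """
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/apisec-scan-action@v1  # placeholder action name
      - name: Import results
        uses: github/codeql-action/upload-sarif@v3
""",
}
# Matches a `uses:` step reference of the form owner/repo[/subpath]@ref.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)", re.MULTILINE)


def collect_refs(workflows):
    """Map each action repository (owner/repo) to {ref: set(files using it)}."""
    refs = defaultdict(lambda: defaultdict(set))
    for path, text in workflows.items():
        for action, ref in USES_RE.findall(text):
            repo = "/".join(action.split("/")[:2])  # drop subpaths like /upload-sarif
            refs[repo][ref].add(path)
    return refs


def find_inconsistent(workflows):
    """Return {repo: {ref: sorted files}} for every repo pinned at more than one ref."""
    return {
        repo: {ref: sorted(files) for ref, files in by_ref.items()}
        for repo, by_ref in collect_refs(workflows).items()
        if len(by_ref) > 1
    }


if __name__ == "__main__":
    for repo, by_ref in find_inconsistent(WORKFLOWS).items():
        print(f"{repo} is referenced at more than one ref:")
        for ref, files in by_ref.items():
            print(f"  @{ref}: {', '.join(files)}")
```

Run against a real checkout by reading each file under `.github/workflows/` into the dictionary; the same check catches subpath variants (init, analyze, upload-sarif) of one action drifting apart.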
@philipp-classen
Member

Closing, since it is unclear what problem this is intending to solve. Thus, I have to consider it spam.
