Skip to content

SEC-229 | Initial commit git actions #590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 23, 2022
Merged

SEC-229 | Initial commit git actions #590

merged 1 commit into from
Sep 23, 2022

Conversation

cypresschris
Copy link
Contributor

This PR adds security controls in support of vulnerability scanning for third party packages as well as first party code. Snyk is already implemented, but these actions bring the Cypress Tools into alignment with our vulnerability management strategy. The actions that this pull request introduces send the scan results back to the Snyk dashboard. The Snyk dashboard is then coupled with branch protection rules that dictate our levels of protection by blocking PRs where this git action fails as a check.

Once the solution is fully implemented, the failures you see on the PR related to this would prevent merges of the code to the 'develop' and 'master' branches. The exit status it failed with today indicates that there is a critical vulnerability in the code base. This PR aims to increase this type of visibility.

@CLAassistant
Copy link

CLAassistant commented Sep 19, 2022

CLA assistant check
All committers have signed the CLA.

@admah admah merged commit 16ef891 into master Sep 23, 2022
@admah admah deleted the SEC-229 branch September 23, 2022 22:00
@cypress-app-bot
Copy link

🎉 This PR is included in version 3.10.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants