Commit Graph

62 Commits

Author SHA1 Message Date
Carlo Costino
e019e9cf11 Update OWASP ZAP scans
The OWASP ZAP scan GitHub Actions have been updated recently and we need to make sure our GitHub Actions account for the recent changes. This changeset makes sure we are using the latest version of the OWASP ZAP API scan, the correct Docker image, and adjusts the name of the step to accurately reflect what scan is being run.

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-28 17:28:27 -04:00
Carlo Costino
5e0ba6a672 Trying ZAP weekly release instead of stable
I noticed that a previous scan yesterday had referenced the weekly releases under the hood despite being configured for stable.

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-26 15:47:37 -04:00
Carlo Costino
455b6071ba Updated ZAP Action config to match recent changes
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-26 12:09:03 -04:00
Carlo Costino
7887eed891 Fix the dynamic-scan job
This PR fixes the dynamic-scan job, which is now failing in our PR checks due to missing environment variables.

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-26 11:35:19 -04:00
Kenneth Kehl
16defbe30d try again 2023-09-12 11:29:21 -07:00
Kenneth Kehl
75b7c6cf05 add secrets to github workflow 2023-09-12 11:13:09 -07:00
Kenneth Kehl
c92b8e0933 try without hashes everywhere 2023-08-31 11:54:26 -07:00
Kenneth Kehl
bc956c3dac remove --dev for now from poetry install 2023-08-31 11:12:16 -07:00
Kenneth Kehl
062675ad9b poetry 2023-08-31 11:00:55 -07:00
Carlo Costino
574e0b92fc Merge pull request #404 from GSA/notify-api-391
notify-api-391 increase code coverage to 95%
2023-08-16 16:40:33 -04:00
Kenneth Kehl
dc80e7e00a remove the multiple workers from the tests 2023-08-11 14:07:32 -07:00
Kenneth Kehl
3cf5ea8802 add change to workflow 2023-08-08 11:13:44 -07:00
stvnrlly
9bda30394d try updating docker action version? 2023-08-02 16:07:15 -04:00
Steven Reilly
6515c44ca8 bump pip-audit action to 1.0.6 (#261) 2023-05-05 14:11:18 -04:00
Andrew Shumway
b623caa366 Test actions with 50% threshold 2023-04-19 09:20:22 -06:00
Andrew Shumway
7e4043f85a Test github actions coverage PR fail 2023-04-19 08:56:34 -06:00
Andrew Shumway
cbcb955f1f Moved env: flag under test run 2023-04-18 15:48:10 -06:00
Andrew Shumway
17c6083f6d Check coverage in actions without omit 2023-04-18 14:27:56 -06:00
Andrew Shumway
1047b70792 Added fail coverage threshold under 50% 2023-04-18 13:51:48 -06:00
Ryan Ahearn
6118394f02 Remove ignore-vulnerability for remediated redis vuln 2023-03-29 17:04:43 -04:00
Ryan Ahearn
8e64fb12ba Ignore known issue with redis 4.5.3 2023-03-28 09:06:21 -04:00
Ryan Ahearn
84e7e9b5cf Use credentials output by terraform/development 2023-03-13 13:44:10 -04:00
Ryan Ahearn
36975dda07 Ensure CI runs have proper phone number format 2023-03-03 14:13:58 -05:00
Ryan Ahearn
28f8649444 Use sns credentials from VCAP_SERVICES 2023-02-28 16:50:00 -05:00
Ryan Ahearn
cdf2810b14 Update flask & cryptography versions 2023-02-09 17:26:36 -05:00
Ryan Ahearn
c3faf3df4d Install newrelic before attempting to validate config 2023-01-19 09:38:18 -05:00
Ryan Ahearn
b9a53b7b54 Validate new relic config in github actions 2023-01-19 09:33:33 -05:00
Ryan Ahearn
bec3c53128 Setup newrelic for cloud.gov environments 2023-01-18 09:20:22 -05:00
Ryan Ahearn
a4349975e5 Merge branch 'main' into sms-provider-cleanup
* main:
  Update to most recent pip-audit action
  Remove restart: always from devcontainer
  simplify to use the script for this exact purpose
  simplify cleanup steps
  update sandbox teardown steps
2023-01-03 10:23:55 -05:00
Ryan Ahearn
7e02e6b33d Update to most recent pip-audit action 2023-01-03 09:44:53 -05:00
Ryan Ahearn
d70e1b125a Remove NOTIFY_EMAIL_DOMAIN override in CI test runs 2022-12-22 10:52:08 -05:00
Ryan Ahearn
7c611e993f Read openapi schema for the owasp scan 2022-11-16 15:50:08 -05:00
Ryan Ahearn
7aafdd7bac Clean up config settings 2022-10-31 13:25:59 -04:00
stvnrlly
96431f0388 pipenv + flake8 2022-10-26 16:47:40 -04:00
stvnrlly
d87c224473 remove broadcast-related code, except migrations 2022-10-26 16:41:35 -04:00
stvnrlly
7b80210884 locate isort in time and space 2022-10-26 16:29:51 -04:00
stvnrlly
2889f6220a actually write requirements to file 2022-10-26 16:21:45 -04:00
stvnrlly
d27401c7a0 more pipenv transition 2022-10-26 14:05:37 +00:00
Steven Reilly
d37c2a53b8 Merge branch 'main' into stvnrlly-remove-broadcasts 2022-10-25 10:17:49 -04:00
stvnrlly
d4e156e8ae Merge branch 'main' into stvnrlly-remove-broadcasts 2022-10-20 19:44:20 -04:00
stvnrlly
788f5e2d86 reactivate flake8 in checks.yml 2022-10-19 16:16:28 +00:00
Ryan Ahearn
cd7da37fa9 Only run pip-audit on runtime dependencies in CI 2022-10-19 10:09:09 -04:00
stvnrlly
57f4df8ed1 remove broadcast-related code, except migrations 2022-10-04 15:28:27 +00:00
Ryan Ahearn
e3ad01119d Replace celery[sqs] with celery[redis] 2022-09-29 08:59:17 -04:00
Ryan Ahearn
dea028b8b4 Use owasp stable image for PR scans
weekly image has a bug preventing it from starting
2022-09-26 11:46:46 -04:00
Ryan Ahearn
8ede076708 Use correct access credentials for each bucket 2022-09-22 12:14:25 -04:00
Ryan Ahearn
2550464b8f Run scans every day 2022-08-23 16:44:34 -04:00
Ryan Ahearn
2df4b42da2 Use api-scan owasp action 2022-08-19 12:23:05 -04:00
Ryan Ahearn
fb188395a9 First cut at running OWASP in github actions 2022-08-19 12:12:58 -04:00
Ryan Ahearn
fb1e6b3e9d Implement bandit static security scan 2022-08-12 17:19:28 -04:00