This changeset adds a Python vulnerability that we need to ignore because it was incorrectly applied to the Python Redis module. This is a vulnerability with an older version of Redis itself, not the Python module.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates a couple of dependencies, including our Python dependency audit check, and specifically ignores a gunicorn audit flag that appeared on 4/16/2024.
As soon as there is an update available for gunicorn that addresses the issue we will remove the flag to ignore the vulnerability report and update the dependency.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates all references to GitHub Actions to be version 4 due to a mandatory Node.js update.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
The OWASP ZAP scan GitHub Actions have been updated recently and we need to make sure our GitHub Actions account for the recent changes. This changeset makes sure we are using the latest version of the OWASP ZAP API scan, the correct Docker image, and adjusts the name of the step to accurately reflect what scan is being run.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
I noticed that a previous scan yesterday had referenced the weekly releases under the hood despite being configured for stable.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This PR fixes the dynamic-scan job, which is now failing in our PR checks due to missing environment variables.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
* main:
Update to most recent pip-audit action
Remove restart: always from devcontainer
simplify to use the script for this exact purpose
simplify cleanup steps
update sandbox teardown steps
