Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bring Static Code Analysis Tool into CI #1198

Closed
cmwylie19 opened this issue Sep 30, 2024 · 3 comments · Fixed by #1219
Closed

Bring Static Code Analysis Tool into CI #1198

cmwylie19 opened this issue Sep 30, 2024 · 3 comments · Fixed by #1219
Assignees
@samayer12
Labels
enhancement New feature or request
Milestone
v0.38.0

Comments

@cmwylie19
Copy link
Contributor

Is your feature request related to a problem? Please describe.

A static code analysis tool could alert us quicker on things that circular dependencies, syntax errors, code quality, and best practices.

Describe the solution you'd like

  • Given a PR is pushed
  • When CI runs
  • Then analysis occurs

Describe alternatives you've considered

(optional) A clear and concise description of any alternative solutions or features you've considered.

Additional context

Add any other context or screenshots about the feature request here.
@cmwylie19 cmwylie19 added the enhancement New feature or request label Sep 30, 2024
@cmwylie19 cmwylie19 added this to the v0.38.0 milestone Sep 30, 2024
@samayer12 samayer12 self-assigned this Oct 2, 2024
@samayer12
Copy link
Contributor

samayer12 commented Oct 2, 2024
edited
Loading

Internal blog post about running SAST locally. Mention of CodeQL and SemGrep.

We already use CodeQL, maybe we can revisit the configuration. Grype does vulnerability scanning for us.

@samayer12
Copy link
Contributor

samayer12 commented Oct 3, 2024
edited
Loading

This points to a broader organization topic about what tooling belongs across common CI/CD pipelines. Coda page here and a slack thread here.

I'll opt for some of the low-hanging fruit while we figure out broader policies.

@samayer12
Copy link
Contributor

Security scanning:

This was referenced Oct 3, 2024
Merged
Closed
Closed
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Pepr Project Board Oct 9, 2024
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Pepr Project Board Oct 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@samayer12 samayer12

Labels
enhancement New feature or request
Projects
Pepr Project Board
Archived in project
Milestone
v0.38.0
Development

Successfully merging a pull request may close this issue.

chore(ci): add static-analysis checks to CI/CD defenseunicorns/pepr
2 participants
@cmwylie19 @samayer12