diff --git a/.checkov.yml b/.checkov.yml
new file mode 100644
index 00000000..f7e2b0fe
--- /dev/null
+++ b/.checkov.yml
@@ -0,0 +1,3 @@
+skip-check:
+ # The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty
+ - CKV_GHA_7
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 58bde51e..e6aab5f9 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -33,6 +33,7 @@ jobs:
 # Extract: ```bash ... ```
 sed -n "/^ \`\`\`\(bash\|shell\)$/,/^ \`\`\`$/p" "${FILE}" | sed '/^ ```*/d; s/^ //' >> README.sh
 done
+ ls -la README.sh
 chmod a+x README.sh
 - name: 💡 MegaLinter
diff --git a/.lycheeignore b/.lycheeignore
index 09f9664b..44bd86f1 100644
--- a/.lycheeignore
+++ b/.lycheeignore
@@ -1 +1 @@
-.*.mylabs.dev
+mylabs.dev
diff --git a/.mega-linter.yml b/.mega-linter.yml
index a768b6b9..24bf598b 100644
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@@ -1,7 +1,7 @@
 # Configuration file for MegaLinter
 # See all available variables at https://megalinter.io/latest/configuration/ and in linters documentation
-BASH_SHFMT_ARGUMENTS: --indent 2 --space-redirects
+BASH_SHFMT_ARGUMENTS: --case-indent --indent 2 --space-redirects
 DISABLE_LINTERS:
 - MARKDOWN_MARKDOWN_LINK_CHECK # Using lychee instead
@@ -26,9 +26,7 @@ PRINT_ALPACA: false
 # Disable creating report directory
 REPORT_OUTPUT_FOLDER: none
-# Issue: https://github.com/bridgecrewio/checkov/issues/3839
-# The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty
-REPOSITORY_CHECKOV_ARGUMENTS: --skip-check CKV_GHA_7
+REPOSITORY_CHECKOV_ARGUMENTS: --quiet
 # Do not leave debug code in production, Insecure URL
 REPOSITORY_DEVSKIM_ARGUMENTS: --ignore-globs CHANGELOG.md --ignore-rule-ids DS162092,DS137138
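Review bot: The reason for skipping CKV_GHA_7 loses its traceability here: the lines removed from `.mega-linter.yml` in the same commit carried `# Issue: https://github.com/bridgecrewio/checkov/issues/3839`, while the new `.checkov.yml` keeps only the descriptive sentence above `- CKV_GHA_7`. Keep the link as a second comment line, e.g. `# Issue: https://github.com/bridgecrewio/checkov/issues/3839`, so a maintainer can check whether the suppression is still needed. A repository-level `skip-check` also silences the check for every workflow in the repo, whereas an inline `checkov:skip` comment on the specific `workflow_dispatch` block would keep the suppression scoped to the one place it is justified. Whether MegaLinter's checkov run reads `.checkov.yml` on its own now that `--skip-check` is gone from `REPOSITORY_CHECKOV_ARGUMENTS` is presumably what this change relies on; worth confirming from the linter output.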
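Review bot: The added `ls -la README.sh` only prints a listing; if it is meant to confirm that the extraction loop produced a non-empty script before `chmod a+x README.sh`, an explicit guard such as `test -s README.sh` would fail the job instead of leaving the check to whoever reads the log. If it is a temporary debugging aid, a comment saying so, e.g. `# Debug: show the generated script`, makes that intent clear. The `run:` block this line belongs to starts before the hunk.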
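Review bot: lychee treats each line of `.lycheeignore` as a regular expression, so the unescaped `.` in `mylabs.dev` also matches any single character between `mylabs` and `dev` (e.g. `mylabs-dev`); `mylabs\.dev` pins the literal domain. The old pattern had the same unescaped dot, so this is not a regression, only a chance to tighten it while the line is being touched. Dropping the leading `.*` changes nothing for an unanchored regex, so the visible behaviour change is that the apex domain `mylabs.dev` itself now matches as well, which I assume is the intent.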
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index 30a04d08..f57bac4f 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -1,13 +1,15 @@
 vulnerabilities:
- # │ glob-parent │ CVE-2020-28469 │ HIGH │ fixed │ 3.1.0 │ 5.1.2 │ Regular expression denial of service │
+ # │ glob-parent │ CVE-2020-28469 │ HIGH │ fixed │ 3.1.0 │ 5.1.2 │ Regular expression denial of service │
 - id: CVE-2020-28469
- # │ json5 │ CVE-2022-46175 │ HIGH │ fixed │ 0.5.1 │ 2.2.2, 1.0.2 │ json5: Prototype Pollution in JSON5 via Parse Method │
+ # │ json5 │ CVE-2022-46175 │ HIGH │ fixed │ 0.5.1 │ 2.2.2, 1.0.2 │ json5: Prototype Pollution in JSON5 via Parse Method │
 - id: CVE-2022-46175
- # │ loader-utils │ CVE-2022-37601 │ CRITICAL │ fixed │ 0.2.17 │ 2.0.3, 1.4.1 │ loader-utils: prototype pollution in function parseQuery in │
+ # │ loader-utils │ CVE-2022-37601 │ CRITICAL │ fixed │ 0.2.17 │ 2.0.3, 1.4.1 │ loader-utils: prototype pollution in function parseQuery in │
 - id: CVE-2022-37601
- # │ node-forge │ CVE-2022-24771 │ HIGH │ fixed │ 0.10.0 │ 1.3.0 │ node-forge: Signature verification leniency in checking │
+ # │ node-forge │ CVE-2022-24771 │ HIGH │ fixed │ 0.10.0 │ 1.3.0 │ node-forge: Signature verification leniency in checking │
 - id: CVE-2022-24771
- # │ node-forge │ CVE-2022-24772 │ HIGH │ fixed │ 0.10.0 │ 1.3.0 │ node-forge: Signature verification failing to check tailing │
+ # │ node-forge │ CVE-2022-24772 │ HIGH │ fixed │ 0.10.0 │ 1.3.0 │ node-forge: Signature verification failing to check tailing │
 - id: CVE-2022-24772
- # │ nth-check │ CVE-2021-3803 │ HIGH │ fixed │ 1.0.2 │ 2.0.1 │ inefficient regular expression complexity │
+ # │ nth-check │ CVE-2021-3803 │ HIGH │ fixed │ 1.0.2 │ 2.0.1 │ inefficient regular expression complexity │
 - id: CVE-2021-3803
+ # | ip │ CVE-2023-42282 │ HIGH │ affected │ 1.1.8 │ │ An issue in NPM IP Package v.1.1.8 and before allows an │
+ - id: CVE-2023-42282
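Review bot: The new `CVE-2023-42282` entry differs from the six above it: its table row shows `affected` with an empty fixed-version column, so unlike the `fixed` entries this ignore hides a finding with no upgrade path at the time of writing and nothing will prompt a re-check. Trivy's YAML ignore format supports `statement` and `expired_at` per entry; adding `statement: <why the ip package is not reachable here>` and `expired_at: <YYYY-MM-DD placeholder>` under `- id: CVE-2023-42282` would record the acceptance rationale and make the suppression self-expiring. Cosmetic: the new comment row opens with `# |` where every other row uses `# │`, so the table no longer lines up.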