bitwarden
Container scanning
Type of change
- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [X] Build/deploy pipeline (DevOps)
- [ ] Other
Objective
Adds Anchore Grype container scanning with SARIF upload.
Code changes
- .github/workflows/build.yml: Scan and SARIF upload post-build.
Before you submit
- Please check for formatting errors (
dotnet format --verify-no-changes) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations
- Please add unit tests where it makes sense to do so (encouraged but not required)
- If this change requires a documentation update - notify the documentation team
- If this change has particular deployment requirements - notify the DevOps team
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
![github-advanced-security[bot] avatar](https://avatars.githubusercontent.com/in/57789?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (
3e73f1c) 39.32% compared to head (22f3ba1) 39.32%. Report is 1 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #3728 +/- ##
=======================================
Coverage 39.32% 39.32%
=======================================
Files 1032 1032
Lines 51038 51038
Branches 4579 4579
=======================================
Hits 20071 20071
Misses 30025 30025
Partials 942 942
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Checkmarx One – Scan Summary & Details – 029ccc71-504d-4754-80ed-b7ca236785c1
New Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
 |
Unpinned Actions Full Length Commit SHA | /build.yml: 488 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /build.yml: 600 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /build.yml: 521 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
Fixed Issues
| Severity | Issue | Source File / Package |
|---|---|---|
|
Unpinned Actions Full Length Commit SHA | /build.yml: 473 |
|
Unpinned Actions Full Length Commit SHA | /build.yml: 585 |
|
Unpinned Actions Full Length Commit SHA | /build.yml: 506 |
