
B14.1 Bi-Annual Triage CodeQL Static Code Analysis Scan Results #93

Closed
33 tasks done
jordanpadams opened this issue Oct 17, 2023 · 3 comments

Comments

@jordanpadams
Member

jordanpadams commented Oct 17, 2023

💡 Description

Repos to triage static code analysis:

  • pds4-information-model - 1 code scan vulnerability alert dismissed. 0 dependabot alerts.
  • pds4-jparser - 0 new alerts to triage. existing alerts are not critical to address. merged 1 upgrade to fix 2 dependabot alerts (very low criticality).
  • validate - pds4-jparser - 0 new code scan vulnerability alerts to triage. existing alerts are not critical to address. 0 dependabot alerts.
  • registry-common - 0 new code scan vulnerability alerts to triage. existing alerts have fixes in the queue. 0 dependabot alerts.
  • harvest - 0 code scan vulnerability alerts to triage. 0 dependabot alerts.
  • registry-mgr - 0 new code scan security alerts to triage. 0 dependabot alerts.
  • registry-loader - 0 code scan vulnerability alerts to triage. 0 dependabot alerts.
  • registry-harvest-service - deprecated
  • registry-crawler-service - deprecated
  • [C] registry-harvest-cli - deprecated
  • registry-sweepers - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • registry-api - 0 new code scan vulnerability alerts to triage. existing alerts will be addressed in current, B14.1 delivery. all dependabot alerts resolved.
  • registry - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • pds-api - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • pds-api-client - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • doi-service - 1 new issue identified. Fix code scanning alerts doi-service#428. Very low risk. 0 dependabot alerts.
  • deep-archive - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • mi-label - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • PLAID - deprecated
  • Transform - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • data-upload-manager - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • nucleus - 0 code scan vulnerability alerts. 1 dependabot alert dismissed.
  • registry-harvest-legacy - dismissed ~10 code scan vulnerability alerts (wontfix/false positive). 0 dependabot alerts.
  • registry-pds3-catalog - dismissed 60 code scan vulnerability alerts (wontfix - not relevant). 0 dependabot alerts.
  • registry-mgr-legacy - dismissed 1 code scan vulnerability alert (wontfix - not relevant). 0 dependabot alerts.
  • pds3-product-tools - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • search-api-notebook - local code execution software. code scanning not relevant. 1 dependabot alert. Not relevant currently as app is run locally.
  • updart - 0 code scan vulnerability alerts. 0 dependabot alerts.

Javascript/JSP/web:

  • wds-react-legacy - 0 code scan vulnerability alerts. dependabot alerts are only applicable to prototype code.
  • doi-ui - 0 code scan vulnerability alerts. dependabot alerts will be fixed prior to deployment. app is currently only deployed locally.
  • wds-react - error executing codeql. this code is still prototype.
  • ds-view - 0 code scan vulnerability alerts. 0 dependabot alerts.
  • search-ui-legacy - error executing codeql. will need to investigate. 0 dependabot alerts. this code is app scanned prior to release to alleviate risk.
  • feedback-widget - 0 code scan vulnerability alerts. 0 dependabot alerts.
@github-project-automation github-project-automation bot moved this to Release Backlog in B14.1 Oct 17, 2023
@jordanpadams jordanpadams self-assigned this Oct 17, 2023
@jordanpadams jordanpadams changed the title B14.1 Triage CodeQL Static Code Analysis Scan Results B14.1 Bi-Annual Triage CodeQL Static Code Analysis Scan Results Oct 19, 2023
@github-project-automation github-project-automation bot moved this to Release Backlog in EN Portfolio Backlog Nov 20, 2023
@jordanpadams
Member Author

📆 01/2024 status: Start delayed 1 sprint. No impact on delivery.

@nutjob4life
Member

Jordan will be going through all the "ignored" reports and triaging the high-priority items. You'll be seeing issues assigned soon!

@jordanpadams
Member Author

Review complete

@github-project-automation github-project-automation bot moved this from Backlog to 🏁 Done in EN Portfolio Backlog Mar 3, 2024
@github-project-automation github-project-automation bot moved this from Release Backlog to 🏁 Done in B14.1 Mar 3, 2024