Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge develop into master for release #3344

Merged
merged 76 commits into from
Aug 8, 2024
Merged

Merge develop into master for release #3344

merged 76 commits into from
Aug 8, 2024

Conversation

sven-dmlr
Copy link
Member

No description provided.

fty4 and others added 30 commits January 17, 2024 14:19
@fty4
chore(action): bind debug input to action debug
41b36f0 
When an action will be executed in debug mode (e.g. via GitHub UI) the secret `ACTIONS_STEP_DEBUG` will be set to true (empty if not enabled).
This typically will allow to detect if a run is in debug mode.
Because a GitHub action can not automatically read secrets the `runner.debug` variable needs to be used to determine if debug mode is enabled.

When using this as default for the debug input of the action the debug will automatically be forwarded to sechub.

Overwriting is always possible for the endusers because it is only the default setting of this action.
@dependabot
Bump braces from 3.0.2 to 3.0.3 in /sechub-website
ecc46e5 
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump ws from 8.16.0 to 8.17.1 in /sechub-website
379fbe9 
Bumps [ws](https://github.com/websockets/ws) from 8.16.0 to 8.17.1.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.16.0...8.17.1)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@winzj
First version of secret validation app #3141
5f6f809 
- basic structure and first version of config model
- validation section
- categorization section
- unit tests and spring boot tests
- README with documentation
@winzj
Extend SarifV1JSONImporter to enable import of custom gitleaks proper…
a16097a 
…ties #3276

- extend workaround classes with te ability to resolve
  secret validation wrapper custom severities
- add necessary changes to SarifV1JSONImporter and added test cases with test report files
@haerter-tss
Merge pull request #3295 from mercedes-benz/master
aadb93f 
2 - After release: Merge master back into develop [auto-generated]
@haerter-tss
Added build and release steps
523b01a
@haerter-tss @lorriborri
Apply suggestions from code review
45653a5 
Co-authored-by: Laura <[email protected]>
@lorriborri
Add PDS prepare mock #3297 (#3298)
a9efbb4
@lorriborri
Documentation Update for Formatter set up
90cd88c
@haerter-tss
SPDX headers added by SecHub release job @github-actions
f933347
@haerter-tss
docs update by SecHub release job @github-actions
ec4bfa1
@haerter-tss
Corrected release file
ccd5ef0
@haerter-tss
Merge branch 'develop' into feature-3290-release-and-build-pds-prepare
84b7bb0
@haerter-tss
Merge pull request #3296 from mercedes-benz/feature-3290-release-and-…
c8de41b 
…build-pds-prepare

Added build and release steps for pds prepare
@dependabot
Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0
fe49964 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.5 to 6.1.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@6d6857d...c5a7806)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@haerter-tss
Fixed incorrect naming of wrapper
0c6c5c8
@haerter-tss
Merge pull request #3301 from mercedes-benz/feature-3300-bug-in-prepa…
07c0326 
…re-dockerfile

Fixed incorrect naming of wrapper
@haerter-tss
Corrected prepare wrapper version
1b293f2
@haerter-tss
Merge pull request #3303 from mercedes-benz/feature-3302-fix-prepare-…
27bfd05 
…dockerfile

Corrected prepare wrapper version
@hamidonos
Generate client and models from sechub-openapi-java #3238 (#3305)
4833b87 
- Create client and models from sechub-openapi-java in sechub-openapi-java-client
- Remove gradle build stage and add remaining gradle submodules to project build
- Fix error in build-versioning.gradle where file path was not resolved correctly
@sven-dmlr
cleanup empty files when remote-data-section #3307
634bd5b 
- #3307 fixed
- tests added
@dependabot
Bump gradle/actions from 3.4.2 to 3.5.0
c19b4a0 
Bumps [gradle/actions](https://github.com/gradle/actions) from 3.4.2 to 3.5.0.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@dbbdc27...d9c87d4)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump actions/setup-go from 5.0.1 to 5.0.2
2379118 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@cdcb360...0a12ed9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump actions/setup-node from 4.0.0 to 4.0.3
cd71667 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.0 to 4.0.3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@8f152de...1e60f62)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@sven-dmlr
Merge pull request #3308 from mercedes-benz/feature-3307-client-no-up…
f8b4c2a 
…loadfiles-when-remote

cleanup empty files when remote-data-section #3307
@sven-dmlr
Merge pull request #3214 from mercedes-benz/dependabot/npm_and_yarn/s…
af0da40 
…echub-website/braces-3.0.3

Bump braces from 3.0.2 to 3.0.3 in /sechub-website
@sven-dmlr
Merge pull request #3230 from mercedes-benz/dependabot/npm_and_yarn/s…
c4df985 
…echub-website/ws-8.17.1

Bump ws from 8.16.0 to 8.17.1 in /sechub-website
@sven-dmlr
Merge pull request #3251 from mercedes-benz/dependabot/github_actions…
7271101 
…/peter-evans/create-pull-request-6.1.0

Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0
@sven-dmlr
Merge pull request #3309 from mercedes-benz/dependabot/github_actions…
1fe9d7b 
…/gradle/actions-3.5.0

Bump gradle/actions from 3.4.2 to 3.5.0
sven-dmlr and others added 29 commits July 26, 2024 18:33
@sven-dmlr
added archive extraction parameters #3318
ec30774 
- pds-iac
- pds-loc
- pds-multi
- pds-owaspzap
@sven-dmlr
variable passing fixed #3327
9ff9734
@sven-dmlr
added archive extraction parameters #3318
1e12d19 
- pds-pmd
- pds-scancode
- pds-prepare
@sven-dmlr
variable passing fixed #3328
30e6a31 
- also eliminated double definition of XRAY_WRAPPER_VERSION
@sven-dmlr
added archive extraction parameters #3318
5e293b6 
- pds-xray
@sven-dmlr
image scripts adapted #3224
cc56b3c 
- no more sensible data in cmdline
- successfully built & tested
@sven-dmlr
eliminated multiple declarations of wrapper version #3302
acfe8fd
@sven-dmlr
Merge pull request #3325 from mercedes-benz/feature-3318-pds-solution…
713b727 
…s-extend-helm-charts

Misc fixes for pds-solutions #3318
@sven-dmlr
pds-solutions: eliminate multiply defined params #3329
6ac28ae
@sven-dmlr
Merge pull request #3330 from mercedes-benz/feature-3329-pds-solution…
66ef642 
…s-eliminate-multiply-defined-params

pds-solutions: eliminate multiply defined params #3329
@winzj
PR review changes #3280
0b5359c 
- rename module to better fitting name service
- rename tests
- minor changes and typo fixes
@winzj
Merge pull request #3280 from mercedes-benz/feature-3141-implement-fi…
2a93245 
…rst-version-of-secret-validator-application

Feature 3141 implement first version of secret validator application
@de-jcup
SecHub data encryption #3250 (#3254)
173dc36 
* SecHub
  - described concept of data encryption #3250
  - Introduced sechub-encryption #3273 + update bouncy castle version #3275
  - encryption implementation are now inside own gradle sub module "sechub-encryption"
  - refacotred sechub encryption library #3274

  - implemented data encryption inside SecHub #3250
  - restricted access and storage, avoid using configuration when not
    absolut necessary
  - created dedicated job message which contains unencrypted configuration
    at runtime. Only one message uses this one -> clear not accidently
    used on another code location
  - created migration scripts, seperated pool id generation for h2 and
    postgres because of binary type. Also postgres will migrate old
    data automatically to NoneCipher variant (means no real encryption,
    but admin will be able to rotate keys...)
  - wrote tests
  - introduced new usecases
  - new  REST APIs introduced
  - added integration test for encryption rotation
  - added developer admin ui actions

  - auto cleanup does also auto clean old unused encryption pool data
 - Scheduler now only executes for accepted encryption pool ids #3250
  -  Updated open api file for encryption parts #3250

*  PDS 
  - implemented data encryption + documentation #3264
  - NONE is default cipher encryption, means startup possible without
  encryption 
  - summary log service shows encryption algorithm
  - handled encryption out of sync problems on PDS side and
  at SecHub side
@dependabot
Bump @nuxt/devtools from 1.0.8 to 1.3.9 in /sechub-website
bc38eb2 
Bumps [@nuxt/devtools](https://github.com/nuxt/devtools/tree/HEAD/packages/devtools) from 1.0.8 to 1.3.9.
- [Release notes](https://github.com/nuxt/devtools/releases)
- [Changelog](https://github.com/nuxt/devtools/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nuxt/devtools/commits/v1.3.9/packages/devtools)

---
updated-dependencies:
- dependency-name: "@nuxt/devtools"
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump actions/setup-java from 4.2.1 to 4.2.2
3ba81b0 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@99b8673...6a0805f)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump gradle/actions from 3.5.0 to 4
2f88375 
Bumps [gradle/actions](https://github.com/gradle/actions) from 3.5.0 to 4.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@d9c87d4...af1da67)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@winzj
Improve documentation #3338
fa8455c
@winzj
Update documentation #3338
df96a3d
@lorriborri
ArchUnit tests for SecHub
440eb78 
- added archUnit tests for sechub project
- fixed rule violations in existing code
@de-jcup
Changed default time for accepted outdated encryption pool entry #3342
6ac49c2 
- default time now 30 minutes
@de-jcup
Merge pull request #3343 from mercedes-benz/feature-3342-change-accep…
0ca3a79 
…ted-outdated-encryption-pool-default

Changed default time for accepted outdated encryption pool entry #3342
@sven-dmlr
Merge pull request #3337 from mercedes-benz/dependabot/github_actions…
68ec11d 
…/gradle/actions-4

Bump gradle/actions from 3.5.0 to 4
@sven-dmlr
Merge pull request #3336 from mercedes-benz/dependabot/github_actions…
013af97 
…/actions/setup-java-4.2.2

Bump actions/setup-java from 4.2.1 to 4.2.2
@sven-dmlr
Merge pull request #3335 from mercedes-benz/dependabot/npm_and_yarn/s…
a5c73c9 
…echub-website/nuxt/devtools-1.3.9

Bump @nuxt/devtools from 1.0.8 to 1.3.9 in /sechub-website
@dependabot
Bump nuxt from 3.10.3 to 3.12.4 in /sechub-website
1ff40b4 
Bumps [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt) from 3.10.3 to 3.12.4.
- [Release notes](https://github.com/nuxt/nuxt/releases)
- [Commits](https://github.com/nuxt/nuxt/commits/v3.12.4/packages/nuxt)

---
updated-dependencies:
- dependency-name: nuxt
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@sven-dmlr
Merge pull request #3334 from mercedes-benz/dependabot/npm_and_yarn/s…
a83ef1c 
…echub-website/nuxt-3.12.4

Bump nuxt from 3.10.3 to 3.12.4 in /sechub-website
@de-jcup
Renamed all methods of Text Reader/Writer classes + refactoring #3306
9e69923 

- renamed TextFileReader and TextFileWriter methods
- renamed TestFileReader and TestFileWriter methods
- renamed class TextFileWriter inside docgen to DocGenTextFileWriter
  (to make it clear this is another class).
- renamed class TextFileReader inside docgen to DocGenTextFileReaader
  (to make it clear this is another class).
- DocGenTextFileReader methods renamed
- DocGenTextFileWriter methods renamed
- Introduced constants
- JavaDoc added
- Where possible logic from reader/writer is reused now (except
  in test framework here we have a complete own implementation -
  but this is wanted)
@sven-dmlr
Merge pull request #3340 from mercedes-benz/feature-3224-server-force…
e4307dc 
…-some-settings-as-env-vars

server run.sh: use env vars instead of Java parameters #3224
@winzj
Merge pull request #3339 from mercedes-benz/feature-3338-update-docum…
5e8ed8a 
…entation-of-secret-wrapper-validator

Improve documentation #3338
@sven-dmlr sven-dmlr merged commit 1f05e69 into master Aug 8, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@sven-dmlr @fty4 @winzj @haerter-tss @lorriborri @hamidonos @de-jcup