Skip to content

ci: add semgrep rules check in security-scanner plugins#25924

Open
dduzgun-security wants to merge 3 commits intomainfrom
ci/security-scanner-plugins
Open

ci: add semgrep rules check in security-scanner plugins#25924
dduzgun-security wants to merge 3 commits intomainfrom
ci/security-scanner-plugins

Conversation

@dduzgun-security
Copy link
Collaborator

@dduzgun-security dduzgun-security commented May 22, 2025
edited
Loading

Description

Adding plugins for semgrep rules and adding codeql go scans on PR too (it's done through the scheduled/daily scan only currently) in the security scanner configuration.

Testing & Reproduction steps

Links

Contributor Checklist

  • Changelog Entry If this PR changes user-facing behavior, please generate and add a
    changelog entry using the make cl command.
  • Testing Please add tests to cover any new functionality or to demonstrate bug fixes and
    ensure regressions will be caught.
  • Documentation If the change impacts user-facing functionality such as the CLI, API, UI,
    and job configuration, please update the Nomad website documentation to reflect this. Refer to
    the website README for docs guidelines. Please also consider whether the
    change requires notes within the upgrade guide.

Reviewer Checklist

  • Backport Labels Please add the correct backport labels as described by the internal
    backporting document.
  • Commit Type Ensure the correct merge method is selected which should be "squash and merge"
    in the majority of situations. The main exceptions are long-lived feature branches or merges where
    history should be preserved.
  • Enterprise PRs If this is an enterprise only PR, please add any required changelog entry
    within the public repository.

@dduzgun-security dduzgun-security requested review from a team as code owners May 22, 2025 17:50
@github-advanced-security
Copy link

github-advanced-security bot commented May 22, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

jrasell
jrasell previously approved these changes May 27, 2025
View reviewed changes
Copy link
Member

@jrasell jrasell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @dduzgun-security!

Should we backport this to all our release branches as well?

@dduzgun-security
Copy link
Collaborator Author

dduzgun-security commented Jun 5, 2025

@jrasell thanks for the review. I pushed a small fix for the path (so we don't scan the security-scanner itself) and also to include the plugins. This would indeed need some labels to be backported since we scan for active release/x.y.z branches too 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jrasell jrasell jrasell left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dduzgun-security @jrasell