chore: move to trivy based image scan, removed snyk #187

saxenakshitiz · 2023-06-27T07:14:33Z

As part of this PR:

Adding build to validate image using trivy
Removed snyk steps
Updates few action version
Removed explicit caching step

codecov · 2023-06-27T07:26:38Z

Codecov Report

Merging #187 (a29f5a2) into main (6b3081e) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff             @@
##               main     #187    +/-   ##
==========================================
  Coverage     78.80%   78.80%            
+ Complexity      898       10   -888     
==========================================
  Files            80       80            
  Lines          3651     3651            
  Branches        419      419            
==========================================
  Hits           2877     2877            
  Misses          598      598            
  Partials        176      176

Flag	Coverage Δ
integration	`78.80% <ø> (ø)`
unit	`?`

Flags with carried forward coverage won't be shown. Click here to find out more.

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

.github/workflows/pr-build.yml

aaron-steinfeld · 2023-06-27T13:52:30Z

.github/workflows/pr-test.yml

@@ -7,26 +7,14 @@ on:

 jobs:
  test:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04


consider consolidating test and build into a single workflow. Example:
https://github.com/hypertrace/service-framework/pull/70/files

Sure. Will merge them in separate PR.

build.gradle.kts

github-advanced-security · 2023-06-27T18:53:32Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

query-service-impl/build.gradle.kts

aaron-steinfeld · 2023-06-29T02:58:00Z

Went through the view gen PR to give some suggestions on tacking suppressions an constraints - posting them here too in case helpful hypertrace/view-generator-framework#75 (comment)

owasp-suppressions.xml

aaron-steinfeld · 2023-07-03T16:34:33Z

query-service-impl/build.gradle.kts

+    implementation("org.apache.calcite:calcite-babel:1.34.0") {
+      because("CVE-2022-39135")
+    }
+    implementation("org.apache.avro:avro:1.11.1") {


There's a number of high-risk upgrades in here. Avro, snakeyaml major version etc. Assuming the direct dep hasn't upgraded, make sure to test at runtime thoroughly if you haven't already

will verify them

Validated on saas-dev-sanbox. Query service came up fine. No error in logs when UI is accessed. UI was loading up fine as well.

github-actions · 2023-07-04T13:54:25Z

Unit Test Results

  39 files ±0   39 suites ±0 11s ⏱️ +3s
262 tests ±0 262 ✔️ ±0 0 💤 ±0 0 ❌ ±0

Results for commit 52f972f. ± Comparison against base commit 6b3081e.

chore: move to trivy based image scan, removed snyk

5c3c102

saxenakshitiz requested a review from a team as a code owner June 27, 2023 07:14

removed .snyk file and added .trivyignore file

e87c130