Open
Conversation
Signed-off-by: Stephen Linnell <sclinnell@ibm.com>
Signed-off-by: Stephen Linnell <sclinnell@ibm.com>
Signed-off-by: Stephen Linnell <sclinnell@ibm.com>
Signed-off-by: Stephen Linnell <sclinnell@ibm.com>
Signed-off-by: Stephen Linnell <sclinnell@ibm.com>
Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com>
* Update cronjob.yaml Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * adding case for empty secret Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * return a request response instead of string Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * Patching detect-secrets-stream image (#22) * Fix Makefile deploy: no need for looping (#225) * Fix Makefile deploy: no need for looping Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * Remove unnecessary ; Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * Store image name in var Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * Clean up Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * More clean up Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * Refactor Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> --------- Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating detect-secrets version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating more dependencies for pipfile Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating requests Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating cryptography to higher version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pre-commit version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pipenv version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * adding an ignore virtualenvs flag to verify how builds runs with specified versions Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating makefile to create its own virtualenv Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * adding more override virtual env flags to makefile Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * addng more pip ignore installed flags Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating python version for travis build Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * reverting makefile and testing travisyml Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * removing travis update Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * adding newline back to end of makefile Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating python base image version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * bumping travis and dockerfile to latest 3.9 release Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating python version in dockerfile to 3.9.19 Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pipenv to latest version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * reverting dockerfile change and updating python version to lock Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pipfile.lock for python update Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * locking pip version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * locking pip version and updating pipfile Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * udpating pipfile and dockerfile to fix vulns Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * Updating gevent to 23.9.1 to fix travis build Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pyjwt version to fix travis build Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * checking trivy version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * adding skip-dirs flag to remove trivy false positive Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * checking previous pipenv version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> --------- Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> Co-authored-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * Patching detect-secrets-stream image (#22) * Fix Makefile deploy: no need for looping (#225) * Fix Makefile deploy: no need for looping Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * Remove unnecessary ; Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * Store image name in var Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * Clean up Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * More clean up Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> * Refactor Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> --------- Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating detect-secrets version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating more dependencies for pipfile Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating requests Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating cryptography to higher version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pre-commit version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pipenv version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * adding an ignore virtualenvs flag to verify how builds runs with specified versions Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating makefile to create its own virtualenv Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * adding more override virtual env flags to makefile Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * addng more pip ignore installed flags Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating python version for travis build Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * reverting makefile and testing travisyml Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * removing travis update Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * adding newline back to end of makefile Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating python base image version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * bumping travis and dockerfile to latest 3.9 release Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating python version in dockerfile to 3.9.19 Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pipenv to latest version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * reverting dockerfile change and updating python version to lock Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pipfile.lock for python update Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * locking pip version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * locking pip version and updating pipfile Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * udpating pipfile and dockerfile to fix vulns Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * Updating gevent to 23.9.1 to fix travis build Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating pyjwt version to fix travis build Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * checking trivy version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * adding skip-dirs flag to remove trivy false positive Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> * checking previous pipenv version Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> --------- Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> Co-authored-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> --------- Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com> Signed-off-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com> Co-authored-by: Stephen Linnell <91089808+sclinnell@users.noreply.github.com> Co-authored-by: Stephen Linnell <sclinnell@ibm.com> Co-authored-by: Victoria Miltcheva <12804086+victoria-miltcheva@users.noreply.github.com>
Signed-off-by: Kristi Kazmierczak <Kristi.Kazmierczak@ibm.com>
* adding patching efforts Signed-off-by: Kristi-Kazmierczak <Kristi.Kazmierczak@ibm.com> * updating cryptography Signed-off-by: Kristi-Kazmierczak <Kristi.Kazmierczak@ibm.com> --------- Signed-off-by: Kristi-Kazmierczak <Kristi.Kazmierczak@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
carloscumpian
force-pushed
the
add-gh-actions
branch
from
17e89b4 to
8dbcfa5
Compare
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
carloscumpian
force-pushed
the
add-gh-actions
branch
from
cca512c to
b9f7d9b
Compare
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
sclinnell
previously approved these changes
Apr 1, 2026
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
Signed-off-by: Caleb Cumpian <Carlos.Cumpian@ibm.com>
sclinnell
approved these changes
Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Using
Standard GitHub-hosted runnersDeploy section needs to be uncommented out
Secrets need to be added for deploy section
setuptools to 82.0.1andpip to 26.0in dockerfile.dss to fix high vulns:cryptographyin Pipfile to fix and added dependencies:ibm-cloud-sdk-core= "==3.24.4" (added) - was previously already part of pipfileibm-secrets-manager-sdk= "2.1.19" (added) - was previously already part of pipfileibm-db= "==3.2.8" (upgraded version)cryptography= ">=46.0.5" (upgraded version)vault.pybased onpre-commitcheck feedbackUpdated
vault_test.pyso that the test would work w/ GHASmall fixes for
Makefile(added-ffor a plugin + pipenv to pre-commit run