gitlab-org/security-products/analyzers/security-code-scan issues and pull requests

#139 - Draft: Bump to v4 0 0

Pull Request - State: closed - Opened by rossfuhrman over 1 year ago - 3 comments
Labels: Category:SAST, devops::secure, feature::enhancement, group::static analysis, section::sec, type::feature

#138 - SASTBot: Monthly dependency updates for 16.0

Pull Request - State: opened - Opened by group_2452873_bot_aa678754a330f84d61c76a96786c08b7 over 1 year ago - 1 comment
Labels: Category:SAST, automation:bot-authored, backend, devops::secure, group::static analysis, maintenance::dependency, section::sec, type::maintenance

#137 - Bump security-code-scan to next major version

Pull Request - State: closed - Opened by serenafang over 1 year ago - 4 comments
Labels: devops::secure, group::static analysis, section::sec

#136 - SASTBot: Monthly dependency updates for 15.11

Pull Request - State: merged - Opened by group_2452873_bot_aa678754a330f84d61c76a96786c08b7 over 1 year ago - 10 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, maintenance::dependency, section::sec, type::maintenance, workflow::in dev

#135 - SASTBot: Monthly dependency updates for 15.10

Pull Request - State: closed - Opened by ghost1 over 1 year ago - 2 comments
Labels: Category:SAST, automation:bot-authored, backend, devops::secure, group::static analysis, maintenance::dependency, section::sec, type::maintenance

#134 - SASTBot: Monthly dependency updates for 15.9

Pull Request - State: closed - Opened by ghost1 over 1 year ago - 4 comments
Labels: Category:SAST, automation:bot-authored, backend, devops::secure, group::static analysis, maintenance::dependency, section::sec, type::maintenance

#133 - Draft: Experiment to try an ubuntu base image

Pull Request - State: opened - Opened by jkunzmann almost 2 years ago - 1 comment
Labels: type::feature

#132 - SASTBot: Monthly dependency updates for 15.8

Pull Request - State: merged - Opened by ghost1 almost 2 years ago - 1 comment
Labels: Category:SAST, automation:bot-authored, backend, devops::secure, group::static analysis, maintenance::dependency, section::sec, type::maintenance

#131 - Always filter out unsupported projects

Pull Request - State: merged - Opened by jamesliu-gitlab almost 2 years ago - 6 comments
Labels: Category:SAST, bug::functional, devops::secure, group::static analysis, section::sec, type::bug

#130 - Add Integration test

Pull Request - State: merged - Opened by zrice almost 2 years ago - 14 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#129 - SASTBot: Monthly dependency updates for 15.7

Pull Request - State: merged - Opened by ghost1 almost 2 years ago - 12 comments
Labels: Category:SAST, automation:bot-authored, backend, devops::secure, group::static analysis, maintenance::dependency, section::sec, type::maintenance

#128 - Add support for .NET 7

Pull Request - State: merged - Opened by jnoordsij almost 2 years ago - 17 comments
Labels: 1st contribution, Community contribution, backend, devops::secure, feature::enhancement, group::static analysis, section::sec, type::feature, workflow::in review

#127 - SASTBot: Monthly dependency updates for 15.6

Pull Request - State: merged - Opened by group_2564205_bot almost 2 years ago - 9 comments
Labels: Category:SAST, automation:bot-authored, backend, devops::secure, group::static analysis, maintenance::dependency, section::sec, type::maintenance

#126 - SASTBot: Monthly dependency updates for %15.5

Pull Request - State: merged - Opened by vbhat161 about 2 years ago - 9 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance, workflow::in dev

#125 - Update common to v3.2.1 to fix gotestsum cmd

Pull Request - State: merged - Opened by adamcohen about 2 years ago - 3 comments
Labels: Category:SAST, backend, devops::secure, group::composition analysis, maintenance::pipelines, section::sec, type::maintenance

#124 - Manual Monthly dependency updates for %15.4

Pull Request - State: merged - Opened by rossfuhrman about 2 years ago - 4 comments
Labels: Category:SAST, automation:bot-authored, backend, devops::secure, group::static analysis, section::sec, type::maintenance, workflow::in dev

#123 - SASTBot: Monthly dependency updates for %15.4

Pull Request - State: closed - Opened by group_2564205_bot about 2 years ago - 3 comments
Labels: Category:SAST, automation:bot-authored, backend, devops::secure, group::static analysis, section::sec, type::maintenance, workflow::in dev

#122 - Update to use "SecurityCodeScan.VS2019" package instead of deprecated package. (Fixes gitlab-org/gitlab#364736)

Pull Request - State: merged - Opened by nathan_miller about 2 years ago - 23 comments
Labels: 1st contribution, Category:SAST, Community contribution, automation:reviewers-reminded, devops::secure, group::static analysis, maintenance::dependency, section::sec, type::maintenance, workflow::ready for review

#121 - SASTBot: Monthly dependency updates for %15.3

Pull Request - State: merged - Opened by vbhat161 about 2 years ago - 8 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance, workflow::in dev

#120 - Fix MR number in CHANGELOG

Pull Request - State: merged - Opened by connorgilbert about 2 years ago - 5 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::ignore

#119 - bump command

Pull Request - State: merged - Opened by zrice about 2 years ago - 7 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#118 - Fix golangci-lint prealloc lint errors

Pull Request - State: merged - Opened by hacks4oats about 2 years ago - 4 comments
Labels: Category:SAST, backend, devops::secure, group::composition analysis, maintenance::pipelines, section::sec, type::maintenance

#117 - [Bulk Update] Bump core deps

Pull Request - State: merged - Opened by jamesliu-gitlab over 2 years ago - 3 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#116 - Increase log level when `dotnet add` fails

Pull Request - State: merged - Opened by connorgilbert over 2 years ago - 4 comments
Labels: Category:SAST, devops::secure, group::static analysis, maintenance::usability, section::sec, type::maintenance

#115 - Bumps security-code-scan analyzer to v2.0.0 for the 15.0 release

Pull Request - State: closed - Opened by zrice over 2 years ago - 5 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::maintenance

#114 - chore: fix group reference in CODEOWNERS

Pull Request - State: merged - Opened by theoretick over 2 years ago

#113 - chore: fix group reference in CODEOWNERS

Pull Request - State: closed - Opened by theoretick over 2 years ago - 1 comment
Labels: Category:SAST, devops::secure, group::static analysis, maintenance::workflow, type::maintenance

#112 - Update dependencies

Pull Request - State: merged - Opened by rossfuhrman over 2 years ago - 4 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#111 - Update dependencies

Pull Request - State: merged - Opened by rossfuhrman over 2 years ago - 4 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#110 - Run QA Downstream tests against v3

Pull Request - State: merged - Opened by rossfuhrman over 2 years ago - 7 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::maintenance

#109 - Add ruleset override support

Pull Request - State: merged - Opened by rossfuhrman over 2 years ago - 10 comments
Labels: Category:SAST, devops::secure, feature::enhancement, group::static analysis, section::sec, type::feature

#108 - Update to go v1.1.17

Pull Request - State: merged - Opened by rossfuhrman over 2 years ago - 5 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec

#107 - chore: Drop support for .NET 2.1

Pull Request - State: merged - Opened by theoretick over 2 years ago - 2 comments
Labels: Category:SAST, deprecation, group::static analysis, type::maintenance

#106 - chore: drop `SEC_REGISTRY_IMAGE`

Pull Request - State: merged - Opened by theoretick over 2 years ago
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::maintenance

#105 - Add ruleset override support

Pull Request - State: merged - Opened by rossfuhrman over 2 years ago - 5 comments
Labels: Category:SAST, devops::secure, feature::enhancement, group::static analysis, section::sec, type::feature

#104 - Add Severity Support

Pull Request - State: merged - Opened by zrice over 2 years ago - 17 comments
Labels: Category:SAST, backend, devops::secure, feature::addition, group::static analysis, section::sec, type::feature

#103 - Update expectations to match scanner results

Pull Request - State: merged - Opened by rossfuhrman over 2 years ago - 5 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::maintenance

#102 - Re-enable downstream test

Pull Request - State: closed - Opened by rossfuhrman over 2 years ago - 2 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec

#101 - Exclude test files from security scans

Pull Request - State: merged - Opened by rossfuhrman over 2 years ago - 2 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#100 - Upgrade security-code-scan to v5.6.0

Pull Request - State: merged - Opened by rossfuhrman almost 3 years ago - 10 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec

#99 - Update to common v2.24.1

Pull Request - State: merged - Opened by adamcohen almost 3 years ago - 2 comments
Labels: Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, Stretch, backend, devops::secure, group::composition analysis, section::sec, secure:refinement-backend, type::bug

#98 - Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist

Pull Request - State: closed - Opened by troyk.hooper almost 3 years ago - 2 comments
Labels: 1st contribution, Category:SAST, Community contribution, backend, devops::secure, feature::enhancement, section::sec, type::feature

#97 - Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist

Pull Request - State: closed - Opened by troyk.hooper almost 3 years ago - 2 comments
Labels: 1st contribution, Community contribution, devops::verify, group::pipeline authoring, section::ops, templates, type::feature

#96 - Add support for .NET 6

Pull Request - State: merged - Opened by vasyl11 almost 3 years ago - 14 comments
Labels: 1st contribution, Category:SAST, Community contribution, backend, devops::secure, feature::enhancement, group::static analysis, section::sec, type::feature

#95 - chore: Upgrade go to v1.17

Pull Request - State: merged - Opened by theoretick almost 3 years ago - 2 comments
Labels: Category:SAST, backend, devops::secure, feature::enhancement, group::static analysis, type::feature

#94 - Draft: Testing out update to includes-dev/analyzer.yml

Pull Request - State: closed - Opened by rossfuhrman about 3 years ago - 3 comments
Labels: backend, devops::secure, group::static analysis, section::sec

#93 - Add SEC_REGISTRY_IMAGE for v2-FREEZE

Pull Request - State: merged - Opened by dsearles about 3 years ago - 3 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::feature

#92 - Add SEC_REGISTRY_IMAGE

Pull Request - State: merged - Opened by dsearles about 3 years ago - 8 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::feature

#91 - Handle Vulnerabilities

Pull Request - State: merged - Opened by julianthome about 3 years ago - 7 comments
Labels: Category:SAST, Dogfooding, devops::secure, group::vulnerability research, section::sec, type::maintenance, workflow::in review

#90 - Update Dockerfile to use alpine base image

Pull Request - State: merged - Opened by julianthome about 3 years ago - 12 comments
Labels: Category:SAST, backend, devops::secure, group::vulnerability research, section::sec, type::feature, workflow::in review

#89 - Remove old MAJOR variable

Pull Request - State: merged - Opened by dsearles over 3 years ago
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#88 - Additional debugging for build commands

Pull Request - State: merged - Opened by rossfuhrman over 3 years ago - 4 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::maintenance

#87 - Remove SAST_DEFAULT_ANALYZERS

Pull Request - State: merged - Opened by rossfuhrman over 3 years ago - 2 comments
Labels: Category:SAST, devops::secure, group::static analysis, type::maintenance

#86 - chore: Prefer MAX_IMAGE_SIZE_MB over MAX_IMAGE_SIZE_BYTE

Pull Request - State: merged - Opened by theoretick over 3 years ago
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::maintenance

#85 - Move to SAST_EXCLUDED_ANALYZERS

Pull Request - State: merged - Opened by rossfuhrman over 3 years ago - 2 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::maintenance

#84 - Update Dockerfile to use alpine base image

Pull Request - State: merged - Opened by twoodham over 3 years ago - 6 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::feature

#83 - update CONTRIBUTING.md

Pull Request - State: merged - Opened by twoodham over 3 years ago - 1 comment
Labels: Category:SAST, backend, devops::secure, group::static analysis, maintenance::workflow, section::sec, type::maintenance

#82 - Fix large input and clean up tests

Pull Request - State: merged - Opened by zrice over 3 years ago - 10 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::bug, type::maintenance

#81 - Add CODEOWNERS [ci skip]

Pull Request - State: merged - Opened by theoretick over 3 years ago - 1 comment
Labels: Category:SAST, backend, devops::secure, group::static analysis, maintenance::workflow, section::sec, type::maintenance

#80 - 5.2.1 upgrade

Pull Request - State: merged - Opened by rossfuhrman over 3 years ago - 20 comments
Labels: Category:SAST, devops::secure, feature::enhancement, group::static analysis, section::sec, type::feature

#79 - Restrict openshift

Pull Request - State: merged - Opened by zrice over 3 years ago - 3 comments
Labels: Category:SAST, backend, group::static analysis, type::maintenance

#78 - Openshift support

Pull Request - State: merged - Opened by rossfuhrman over 3 years ago - 4 comments
Labels: Category:SAST, backend, devops::secure, feature::enhancement, group::static analysis, type::feature

#77 - Updating report schema version

Pull Request - State: merged - Opened by zrice over 3 years ago - 3 comments
Labels: Category:SAST, backend, group::static analysis, type::maintenance

#76 - Draft: Upgrade to 5.0.0

Pull Request - State: closed - Opened by rossfuhrman over 3 years ago - 3 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec

#75 - chore: Use ruleset and command packages directly

Pull Request - State: merged - Opened by theoretick over 3 years ago
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#74 - Skip SCS9999 warning and check len before accessing warning slice

Pull Request - State: merged - Opened by zrice over 3 years ago - 4 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, master:broken, priority::1, severity::2, type::bug, type::maintenance

#73 - Adding more debug logs

Pull Request - State: merged - Opened by zrice over 3 years ago - 6 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#72 - Bumping version

Pull Request - State: closed - Opened by zrice almost 4 years ago - 5 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis

#71 - Add downstream test for dotnet5

Pull Request - State: merged - Opened by dsearles almost 4 years ago - 5 comments
Labels: Category:SAST, Quality, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#70 - Fix multi-project support for Security Code Scan

Pull Request - State: merged - Opened by zrice almost 4 years ago - 12 comments
Labels: Category:SAST, backend, devops::secure, feature::enhancement, group::static analysis, section::sec

#69 - Added support for dotnet 5

Pull Request - State: merged - Opened by shaun.burns almost 4 years ago - 15 comments
Labels: Category:SAST, Community contribution, backend, devops::secure, feature::addition, group::static analysis, section::sec, type::feature

#68 - Upgrade to common v2.22.1

Pull Request - State: merged - Opened by gitlab-bot almost 4 years ago
Labels: Category:SAST, Deliverable, Enterprise Edition, GitLab Ultimate, backend, devops::secure, group::composition analysis, section::sec, type::maintenance

#67 - Update mono to v6.12

Pull Request - State: merged - Opened by twoodham almost 4 years ago - 2 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#66 - Full support of multi-project for Security-Code-Scan

Pull Request - State: merged - Opened by zrice almost 4 years ago - 30 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec

#65 - Setting analyzeAll since we need to run at root to support multi-projects

Pull Request - State: closed - Opened by zrice almost 4 years ago - 3 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec

#64 - Bump urfave/cli with common to v2.3.0

Pull Request - State: merged - Opened by gitlab-bot almost 4 years ago - 7 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, maintenance::dependency, section::sec, type::maintenance

#63 - add dotnet 5.0

Pull Request - State: closed - Opened by ramon327 almost 4 years ago - 7 comments
Labels: 1st contribution, Category:SAST, Community contribution, backend, devops::secure, feature::addition, group::static analysis, section::sec, type::feature

#62 - Add webgoat.net as a downstream target

Pull Request - State: closed - Opened by theoretick almost 4 years ago - 2 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::feature, type::maintenance

#61 - Draft: Always trim abspath prefix when generating file location

Pull Request - State: closed - Opened by theoretick almost 4 years ago - 2 comments
Labels: Category:SAST, devops::secure, group::static analysis, type::bug

#60 - Fix incorrect filepath when source is not relative to project file

Pull Request - State: merged - Opened by theoretick almost 4 years ago - 20 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::bug

#59 - Use multistage docker build

Pull Request - State: merged - Opened by theoretick about 4 years ago - 8 comments
Labels: Category:SAST, devops::secure, group::static analysis, section::sec, type::maintenance

#58 - Update common

Pull Request - State: merged - Opened by zrice about 4 years ago - 12 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::feature

#57 - Programmatically enforce scanner version

Pull Request - State: merged - Opened by adamcohen about 4 years ago
Labels: Category:Container Scanning, Category:Dependency Scanning [DEPRECATED], Category:SAST, Category:Software Composition Analysis, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, backend, devops::secure, group::composition analysis, quad-planning::complete-action, section::sec, security reports integration, type::maintenance

#56 - Remove SAST_DISABLE_DIND

Pull Request - State: merged - Opened by fcatteau about 4 years ago
Labels: Category:SAST, QA, backend, devops::secure, group::composition analysis, maintenance::pipelines, type::maintenance

#55 - Switch to master for QA

Pull Request - State: merged - Opened by fcatteau about 4 years ago
Labels: Category:SAST, QA, backend, devops::secure, group::composition analysis, maintenance::pipelines, type::maintenance

#54 - Upgrade to common v2.19.1

Pull Request - State: closed - Opened by gitlab-bot about 4 years ago - 1 comment
Labels: backend, devops::secure, section::sec

#53 - Update golang dependencies

Pull Request - State: merged - Opened by twoodham about 4 years ago - 2 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#52 - Upgrade to common v2.18.0

Pull Request - State: closed - Opened by gitlab-bot about 4 years ago - 2 comments
Labels: backend, devops::secure, section::sec

#51 - Upgrade to common v2.17.0

Pull Request - State: closed - Opened by gitlab-bot about 4 years ago - 2 comments
Labels: backend, devops::secure, section::sec

#50 - Use mono:6.10 rather than mono:6.10-slim

Pull Request - State: merged - Opened by twoodham about 4 years ago - 7 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#48 - Bump common to v2.16.0

Pull Request - State: closed - Opened by twoodham about 4 years ago - 2 comments
Labels: group::static analysis, section::sec

#47 - Update mono and golang dependencies

Pull Request - State: merged - Opened by twoodham about 4 years ago - 10 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, security, type::maintenance

#46 - Add start_time/end_time/status to reports

Pull Request - State: merged - Opened by adamcohen about 4 years ago - 3 comments
Labels: Category:Container Scanning, Category:Dependency Scanning [DEPRECATED], Category:SAST, Category:Software Composition Analysis, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, Stretch, backend, devops::secure, group::composition analysis, quad-planning::complete-action, section::sec, security reports integration, type::feature

#45 - Release new version to upgrade go

Pull Request - State: merged - Opened by dsearles about 4 years ago - 2 comments
Labels: Category:SAST, backend, devops::secure, group::static analysis, section::sec, type::maintenance

#44 - Upgrade to common v2.14.0

Pull Request - State: closed - Opened by gitlab-bot about 4 years ago - 1 comment
Labels: backend, devops::secure, section::sec

#43 - Update CONTRIBUTING.md

Pull Request - State: merged - Opened by dsearles about 4 years ago - 1 comment
Labels: Category:SAST, backend, devops::secure, group::static analysis, type::maintenance

#42 - Add scan object to report

Pull Request - State: merged - Opened by adamcohen about 4 years ago - 1 comment
Labels: Category:Container Scanning, Category:Dependency Scanning [DEPRECATED], Category:SAST, Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, backend, devops::secure, group::composition analysis, quad-planning::complete-action, security reports integration, type::feature

GitLab.com / gitlab-org/security-products/analyzers/security-code-scan issues and pull requests