fleet

empayre/fleet

Fork 0

mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Luke Heath	6ebc308eb4	[StepSecurity] ci: Harden GitHub Actions (#17780 )	2024-03-22 15:32:23 -05:00
StepSecurity Bot	8ae24ac4a9	[StepSecurity] ci: Harden GitHub Actions (#17767 ) ## Summary This pull request is created by [StepSecurity](https://app.stepsecurity.io/securerepo) at the request of @lukeheath. Please merge the Pull Request to incorporate the requested changes. Please tag @lukeheath on your message if you have any questions related to the PR. ## Security Fixes ### Least Privileged GitHub Actions Token Permissions The GITHUB_TOKEN is an automatically generated secret to make authenticated calls to the GitHub API. GitHub recommends setting minimum token permissions for the GITHUB_TOKEN. - [GitHub Security Guide](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions) ### Pinned Dependencies GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit. - [GitHub Security Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ## Feedback For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo. Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>	2024-03-21 15:56:42 -05:00
Eric	b1945b2128	Add `fleet-vulnerability-dashboard` repo to `ee/` folder (#17428 ) Closes: https://github.com/fleetdm/confidential/issues/4057 Changes: - Added the contents of the fleet-vulnerability-dashboard repo to ee/vulnerability-dashboard - Added a github workflow to deploy the vulnerability dashboard on Heroku - Added a github workflow to test changes to the vulnerability-dashboard - Updated the website's custom configuration to enable auto-approvals/review requests to files in the ee/vulnerability-dashboard folder	2024-03-13 13:06:11 -05:00

Luke Heath

6ebc308eb4

[StepSecurity] ci: Harden GitHub Actions (#17780 )

2024-03-22 15:32:23 -05:00

StepSecurity Bot

8ae24ac4a9

[StepSecurity] ci: Harden GitHub Actions (#17767 )

## Summary

This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo) at the request of
@lukeheath. Please merge the Pull Request to incorporate the requested
changes. Please tag @lukeheath on your message if you have any questions
related to the PR.
## Security Fixes

### Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make
authenticated calls to the GitHub API. GitHub recommends setting minimum
token permissions for the GITHUB_TOKEN.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions)
### Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)


## Feedback
For bug reports, feature requests, and general feedback; please email
support@stepsecurity.io. To create such PRs, please visit
https://app.stepsecurity.io/securerepo.


Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

2024-03-21 15:56:42 -05:00

Eric

b1945b2128

Add fleet-vulnerability-dashboard repo to ee/ folder (#17428 )

Closes: https://github.com/fleetdm/confidential/issues/4057

Changes:
- Added the contents of the fleet-vulnerability-dashboard repo to
ee/vulnerability-dashboard
- Added a github workflow to deploy the vulnerability dashboard on
Heroku
- Added a github workflow to test changes to the vulnerability-dashboard
- Updated the website's custom configuration to enable
auto-approvals/review requests to files in the
ee/vulnerability-dashboard folder

2024-03-13 13:06:11 -05:00

3 Commits