Skip to content

[Implementation] IAM-6273: Workflow for here-aaa-java-sdk Vulnerability scanning #113

Merged
anishb266 merged 31 commits into
masterfrom
IAM-6078
Jul 15, 2025
Merged

[Implementation] IAM-6273: Workflow for here-aaa-java-sdk Vulnerability scanning #113
anishb266 merged 31 commits into
masterfrom
IAM-6078

Conversation

@anishb266

@anishb266 anishb266 commented Jul 1, 2025

Copy link
Copy Markdown
Contributor

[Implementation] IAM-6273: Workflow for here-aaa-java-sdk Vulnerability scanning

@anishb266
anishb266 force-pushed the IAM-6078 branch 3 times, most recently from 3f056f6 to 8bca734 Compare July 1, 2025 13:10
Signed-off-by: anisb <anish.b@here.com>
@anishb266
anishb266 force-pushed the IAM-6078 branch 2 times, most recently from 0f1ad6c to a78fa35 Compare July 2, 2025 12:58
Signed-off-by: anisb <anish.b@here.com>
anishb266 added 22 commits July 2, 2025 18:30
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
Signed-off-by: anisb <anish.b@here.com>
@anishb266 anishb266 changed the title Create dependabot.yml [Implementation] IAM-6273: Workflow for here-aaa-java-sdk Vulnerability scanning Jul 8, 2025
Signed-off-by: anisb <anish.b@here.com>
anishb266 added 3 commits July 8, 2025 16:09
Signed-off-by: anisb <anish.b@here.com>
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.
Signed-off-by: anisb <anish.b@here.com>
@anishb266 anishb266 self-assigned this Jul 8, 2025
@anishb266
anishb266 removed the request for review from owenkellett July 9, 2025 11:21
Signed-off-by: anisb <anish.b@here.com>
@ashishKhushiKumar

Copy link
Copy Markdown
Member

This change did not detect any known vulnerability in the system. The checks have passed, when it should have failed while scanning for vulnerabilities.

@anishb266

anishb266 commented Jul 9, 2025

Copy link
Copy Markdown
Contributor Author

This change did not detect any known vulnerability in the system. The checks have passed, when it should have failed while scanning for vulnerabilities.

dependency-review-action is used to detect vulnerabilities based on the POM changes. As there are no changes in POM, it didn't detect. That existing vulnerabilties will taken care by dependabot and the stakeholders will be alerted.

The similar process happens on HERE Account repository as well.

@anishb266
anishb266 requested a review from spaltis July 9, 2025 13:25
Comment thread .github/dependabot.yml Outdated
Comment thread .github/dependabot.yml Outdated
Signed-off-by: anisb <anish.b@here.com>
Comment thread .github/dependabot.yml
Comment thread .github/workflows/test.yml

@owenkellett owenkellett left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@spaltis

spaltis commented Jul 15, 2025

Copy link
Copy Markdown
Contributor

LGTM

@anishb266
anishb266 merged commit 3ce40fb into master Jul 15, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants