      request #38287 Adjust OSV Scanner setup to behave identically in CI and dev env and temporarily ignore Go 1.22.3+ sec issues
    Infos
    #38287
    Thomas Gerbet (tgerbet)
    2024-06-05 14:00
    2024-06-05 10:08
    39891
    Details
    Adjust OSV Scanner setup to behave identically in CI and dev env and temporarily ignore Go 1.22.3+ sec issues

    We currently have 3 issues:

    • we are getting alerts for Go [1.22.0; 1.22.1] stdlib issues while we are using Go 1.22.2
    • we have differences between what we get when we run make scan-vuln-deps locally after having built the whole stack and what the CI does
    • we are getting valid Go stdlib alerts for things that have been fixed in Go 1.22.3 and 1.22.4; those have no direct impact for our use cases, so they will wait until Go 1.22.4 lands in nixpkgs cache
    Dev tools
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2024-06-05
    Attachments
    Empty
    References
    Referencing request #38287

    Follow-ups