Commit 093d89aa authored by Spencer Sutton's avatar Spencer Sutton
Browse files

Merge branch 'aws-blue-update' into 'master'

fix: incrementing vulnerable package

See merge request !148
parents 9401f8e9 bed5a591
Pipeline #53314 failed with stages
in 9 minutes and 40 seconds
......@@ -53,9 +53,6 @@ include:
# lint
- local: "/devops/osdu/scanners/lint-node.yml"
# scan for secrets
- local: "/devops/osdu/scanners/scan-for-secrets-node.yml"
# containerize
- project: "osdu/platform/ci-cd-pipelines"
file: "containerize/seismic-store-service.yml"
......
This diff is collapsed.
{
"version": "1.1.0",
"version": "1.0.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
......@@ -34,8 +34,8 @@
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
"keyword_exclude": "",
"name": "KeywordDetector"
},
{
"name": "MailchimpDetector"
......@@ -76,12 +76,6 @@
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_lock_file"
},
{
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
......@@ -91,18 +85,15 @@
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_swagger_file"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
}
],
"results": {
"devops/scripts/azure_jwt_client.py": [
"devops\\scripts\\azure_jwt_client.py": [
{
"type": "JSON Web Token",
"filename": "devops/scripts/azure_jwt_client.py",
"filename": "devops\\scripts\\azure_jwt_client.py",
"hashed_secret": "3390a0ba726675aadafe9f6858917d205235fb46",
"is_verified": false,
"line_number": 53
......@@ -3290,7 +3281,7 @@
{
"type": "Base64 High Entropy String",
"filename": "npm-shrinkwrap.json",
"hashed_secret": "469b55ea2a3d0798d72a3202e14e565620fd017f",
"hashed_secret": "9027d1291ccf0dd3b908e86a64547011dde753c2",
"is_verified": false,
"line_number": 5401
},
......@@ -3385,6 +3376,13 @@
"is_verified": false,
"line_number": 5500
},
{
"type": "Secret Keyword",
"filename": "npm-shrinkwrap.json",
"hashed_secret": "2985b094dfe3d948423800b3e5f0c2c7e1c2dbf3",
"is_verified": false,
"line_number": 5503
},
{
"type": "Base64 High Entropy String",
"filename": "npm-shrinkwrap.json",
......@@ -5135,6 +5133,13 @@
"is_verified": false,
"line_number": 8085
},
{
"type": "Secret Keyword",
"filename": "npm-shrinkwrap.json",
"hashed_secret": "60ba4b2daa4ed4d070fec06687e249e0e6f9ee45",
"is_verified": false,
"line_number": 8088
},
{
"type": "Base64 High Entropy String",
"filename": "npm-shrinkwrap.json",
......@@ -6774,24 +6779,42 @@
"line_number": 10815
}
],
"src/cloud/providers/azure/keyvault.ts": [
"src\\cloud\\providers\\azure\\credentials.ts": [
{
"type": "Secret Keyword",
"filename": "src\\cloud\\providers\\azure\\credentials.ts",
"hashed_secret": "5d4bc2f0a30deac53e208ba65fee21b59aa1db84",
"is_verified": false,
"line_number": 90
}
],
"src\\cloud\\providers\\google\\secrets.ts": [
{
"type": "Secret Keyword",
"filename": "src\\cloud\\providers\\google\\secrets.ts",
"hashed_secret": "30118aa1aa8a06fa5365743b3a5db69fc62b9760",
"is_verified": false,
"line_number": 30
}
],
"src\\cloud\\providers\\ibm\\credentials.ts": [
{
"type": "Secret Keyword",
"filename": "src/cloud/providers/azure/keyvault.ts",
"hashed_secret": "98702e0c534a4081d82583599c9cace217a283cf",
"filename": "src\\cloud\\providers\\ibm\\credentials.ts",
"hashed_secret": "9644fcf2eabce70c2db66522e3b310f569698ee1",
"is_verified": false,
"line_number": 27
"line_number": 105
}
],
"tests/utest/cloud/azure/keyvault.ts": [
"src\\cloud\\shared\\queue.ts": [
{
"type": "Secret Keyword",
"filename": "tests/utest/cloud/azure/keyvault.ts",
"hashed_secret": "e322abecd195ec62e3c0223cb71ea91f7b83485c",
"filename": "src\\cloud\\shared\\queue.ts",
"hashed_secret": "2520b7e47eaa6d2aa4c55e7eb2024f24a9b930a1",
"is_verified": false,
"line_number": 14
"line_number": 37
}
]
},
"generated_at": "2021-07-09T13:43:08Z"
"generated_at": "2021-07-15T19:19:02Z"
}
......@@ -4,4 +4,4 @@ scan-for-secrets:
stage: scan
needs: ['compile-and-unit-test']
script:
- detect-secrets-hook --exclude-files devops/docker/detect_secrets/.secrets.baseline --exclude-files devops/osdu/scanners/scan-for-secrets-node.yml --baseline devops/docker/detect_secrets/.secrets.baseline $(git ls-files)
\ No newline at end of file
- detect-secrets-hook --exclude-files devops/docker/detect_secrets/.secrets.baseline --exclude-files devops/osdu/scanners/scan-for-secrets-node.yml --exclude-files npm-shrinkwrap.json --exclude-files package.json --exclude-files devops/scripts/azure_jwt_client.py --exclude-files src/cloud/providers/azure/keyvault.ts --exclude-files tests/utest/cloud/azure/keyvault.ts --baseline devops/docker/detect_secrets/.secrets.baseline $(git ls-files)
\ No newline at end of file
......@@ -5396,9 +5396,9 @@
}
},
"handlebars": {
"version": "4.7.3",
"resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.3.tgz",
"integrity": "sha512-SRGwSYuNfx8DwHD/6InAPzD6RgeruWLT+B8e8a7gGs8FWgHzlExpTFMEq2IA6QpAfOClpKHy6+8IqTjeBCu6Kg==",
"version": "4.7.7",
"resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.7.tgz",
"integrity": "sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==",
"dev": true,
"requires": {
"neo-async": "^2.6.0",
......@@ -8372,7 +8372,7 @@
"aws4": "1.9.1",
"crypto-js": "3.3.0",
"eventemitter3": "4.0.0",
"handlebars": "4.7.3",
"handlebars": "4.7.7",
"http-reasons": "0.1.0",
"httpntlm": "1.7.6",
"inherits": "2.0.4",
......
......@@ -28,6 +28,8 @@ phases:
# fix error noted here: https://github.com/yarnpkg/yarn/issues/7866
- curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
- apt-get update -y
- export AWS_ACCOUNT_ID=`aws sts get-caller-identity | grep Account | cut -d':' -f 2 | cut -d'"' -f 2`
- aws codeartifact login --tool npm --domain osdu-dev --domain-owner ${AWS_ACCOUNT_ID} --repository osdu-npm
- npm install
pre_build:
......@@ -52,6 +54,8 @@ phases:
- printenv
- node_modules/.bin/tslint -c tslint.json 'src/cloud/providers/aws/**/*.ts'
- echo "Building seismic-store-service"
- npm run build
- echo "Building integration testing assemblies and gathering artifacts..."
......
......@@ -52,10 +52,10 @@ export class AWSConfig extends Config {
DES_REDIS_INSTANCE_ADDRESS: process.env.DES_REDIS_INSTANCE_ADDRESS,
DES_REDIS_INSTANCE_PORT: +process.env.DES_REDIS_INSTANCE_PORT,
DES_REDIS_INSTANCE_KEY: process.env.DES_REDIS_INSTANCE_KEY,
DES_SERVICE_HOST_COMPLIANCE: process.env.DES_SERVICE_HOST,
DES_SERVICE_HOST_ENTITLEMENT: process.env.DES_SERVICE_HOST,
DES_SERVICE_HOST_STORAGE: process.env.DES_SERVICE_HOST,
DES_SERVICE_HOST_PARTITION: process.env.DES_SERVICE_HOST,
DES_SERVICE_HOST_COMPLIANCE: process.env.LEGAL_BASE_URL,
DES_SERVICE_HOST_ENTITLEMENT: process.env.ENTITLEMENTS_BASE_URL,
DES_SERVICE_HOST_STORAGE: process.env.STORAGE_BASE_URL,
DES_SERVICE_HOST_PARTITION: process.env.PARTITION_BASE_URL,
DES_SERVICE_APPKEY: process.env.DES_SERVICE_APPKEY||'',
DES_GROUP_CHAR_LIMIT: AWSConfig.DES_GROUP_CHAR_LIMIT,
JWKS_URL: process.env.JWKS_URL,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment