Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

πŸ”’οΈ Strip credentials form image VCS #6433

Merged
merged 7 commits into from
Sep 25, 2024
Merged

πŸ”’οΈ Strip credentials form image VCS #6433

merged 7 commits into from
Sep 25, 2024

Conversation

GitHK
Copy link
Contributor

@GitHK GitHK commented Sep 24, 2024
edited
Loading

What do these changes do?

Strip credentials from docker image labels. While not immediately an issue, it will leak credentials if docker images of the services come in the possession of third parties. During normal operation this does not happen.

Related issue/s

How to test

Dev-ops checklist

@GitHK GitHK self-assigned this Sep 24, 2024
@GitHK GitHK added the a:ooil integration-library or ooil label Sep 24, 2024
@GitHK GitHK added this to the MartinKippenberger milestone Sep 24, 2024
@GitHK GitHK marked this pull request as ready for review September 24, 2024 12:56
@codecov Codecov
Copy link

codecov bot commented Sep 24, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests βœ…

Project coverage is 88.3%. Comparing base (cafbf96) to head (799124a).
Report is 581 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff            @@
##           master   #6433      +/-   ##
=========================================
+ Coverage    84.5%   88.3%    +3.7%     
=========================================
  Files          10    1089    +1079     
  Lines         214   48815   +48601     
  Branches       25     406     +381     
=========================================
+ Hits          181   43134   +42953     
- Misses         23    5602    +5579     
- Partials       10      79      +69
Flag Coverage Ξ”
integrationtests 64.7% <ΓΈ> (?)
unittests 85.7% <100.0%> (+1.1%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Ξ”
...ation/src/service_integration/cli/_compose_spec.py 77.0% <100.0%> (ΓΈ)

... and 1098 files with indirect coverage changes

@GitHK GitHK added the security Pull requests that address a security vulnerability label Sep 24, 2024
matusdrobuliak66
matusdrobuliak66 approved these changes Sep 24, 2024
View reviewed changes
Copy link
Contributor

@matusdrobuliak66 matusdrobuliak66 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

pcrespov
pcrespov approved these changes Sep 24, 2024
View reviewed changes
Copy link
Member

@pcrespov pcrespov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thx

@GitHK GitHK enabled auto-merge (squash) September 24, 2024 13:08
mguidon
mguidon approved these changes Sep 24, 2024
View reviewed changes
Copy link
Member

@mguidon mguidon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

πŸ‘

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@GitHK GitHK merged commit 890f1ae into ITISFoundation:master Sep 25, 2024
57 checks passed
@GitHK GitHK deleted the pr-osparc-security-strip-user-and-password branch September 25, 2024 06:36
jsaq007 pushed a commit to jsaq007/osparc-simcore that referenced this pull request Sep 25, 2024
@GitHK @jsaq007
πŸ”’οΈ Strip credentials form image VCS (ITISFoundation#6433)
b46f836 
Co-authored-by: Andrei Neagu <[email protected]>
mrnicegyu11 pushed a commit to mrnicegyu11/osparc-simcore that referenced this pull request Oct 2, 2024
@GitHK @mrnicegyu11
πŸ”’οΈ Strip credentials form image VCS (ITISFoundation#6433)
8a8319f 
Co-authored-by: Andrei Neagu <[email protected]>
@matusdrobuliak66 matusdrobuliak66 mentioned this pull request Oct 4, 2024
Closed
16 tasks
This was referenced Oct 29, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pcrespov pcrespov pcrespov approved these changes

@mguidon mguidon mguidon approved these changes

@matusdrobuliak66 matusdrobuliak66 matusdrobuliak66 approved these changes

@sanderegg sanderegg Awaiting requested review from sanderegg sanderegg is a code owner

@giancarloromeo giancarloromeo Awaiting requested review from giancarloromeo

Assignees

@GitHK GitHK

Labels
a:ooil integration-library or ooil security Pull requests that address a security vulnerability
Projects
None yet
Milestone
MartinKippenberger
Development

Successfully merging this pull request may close these issues.
4 participants
@GitHK @pcrespov @mguidon @matusdrobuliak66