[StepSecurity] Apply security best practices #667
Conversation
Signed-off-by: StepSecurity Bot <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| language: ["javascript"] |
Check failure
Code scanning / check-spelling
Unrecognized Spelling Error
| # By default, queries listed here will override any specified in a config file. | ||
| # Prefix the list here with "+" to use these queries and those in the config file. | ||
|
|
||
| # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
Check failure
Code scanning / check-spelling
Unrecognized Spelling Error
|
|
||
| # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
| # If this step fails, then you should remove it and run the build manually (see below) | ||
| - name: Autobuild |
Check failure
Code scanning / check-spelling
Unrecognized Spelling Error
| # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
| # If this step fails, then you should remove it and run the build manually (see below) | ||
| - name: Autobuild | ||
| uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 |
Check failure
Code scanning / check-spelling
Unrecognized Spelling Error
| # ℹ️ Command-line programs to run using the OS shell. | ||
| # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun | ||
|
|
||
| # If the Autobuild fails above, remove it and uncomment the following three lines. |
Check failure
Code scanning / check-spelling
Unrecognized Spelling Error
|
|
||
| # - run: | | ||
| # echo "Run, Build Application using script" | ||
| # ./location_of_script_within_repo/buildscript.sh |
Check failure
Code scanning / check-spelling
Unrecognized Spelling Error
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
@check-spelling-bot Report🔴 Please reviewSee the 📂 files view, the 📜action log, or 📝 job summary for details.Unrecognized words (3)autobuild These words are not needed and should be removedJAVASCRIPTTo accept these unrecognized words as correct and remove the previously acknowledged and now absent words, you could run the following commands... in a clone of the [email protected]:step-security-bot/john-packages.git repository curl -s -S -L 'https://raw.githubusercontent.com/check-spelling/check-spelling/b365ac888c4713bf3a082b07b342feed0f3438fe/apply.pl' |
perl - 'https://github.com/openwall/john-packages/actions/runs/12085875860/attempts/1'
Available 📚 dictionaries could cover words (expected and unrecognized) not in the 📘 dictionaryThis includes both expected items (285) from .github/actions/spelling/expect.txt and unrecognized words (3)
Consider adding them (in with:
extra_dictionaries: |
cspell:node/dict/node.txt
cspell:aws/aws.txt
cspell:filetypes/filetypes.txt
cspell:php/dict/php.txt
cspell:python/src/python/python-lib.txtTo stop checking additional dictionaries, add (in check_extra_dictionaries: '' |
Do not validate PRs originating from Step Security as they will also fail validation. Signed-off-by: Claudio André <[email protected]>
Add words that will be used by Step Security. Signed-off-by: Claudio André <[email protected]>
Add words that will be used by Step Security. Signed-off-by: Claudio André <[email protected]>
|
Closing since I need to rebase. |
Summary
This pull request is created by StepSecurity at the request of @claudioandre-br. Please merge the Pull Request to incorporate the requested changes. Please tag @claudioandre-br on your message if you have any questions related to the PR.
Security Fixes
Detect Vulnerabilities with SAST Workflow
Static Code Analysis (also known as Source Code Analysis) is usually performed as part of a Code Review (also known as clear-box testing) and is carried out at the Implementation phase of a Security Development Lifecycle (SDL). Static Code Analysis commonly refers to the running of Static Code Analysis tools that attempt to highlight possible vulnerabilities within ‘static’ (non-running) source code by using techniques such as Taint Analysis and Data Flow Analysis.
Maintain Code Quality with Pre-Commit
Pre-commit is a framework for managing and maintaining multi-language pre-commit hooks. Hooks can be any scripts, code, or binaries that run at any stage of the git workflow. Pre-commit hooks are useful for enforcing code quality, code formatting, and detecting security vulnerabilities.
Feedback
For bug reports, feature requests, and general feedback; please email [email protected]. To create such PRs, please visit https://app.stepsecurity.io/securerepo.
Signed-off-by: StepSecurity Bot [email protected]