Test semgrep #2
Closed
Test semgrep #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…lt (sonic-net#12231) - Why I did it get_rx_los and get_tx_fault is not supported via the exisitng interface used, need provide dummy implementation for them. NOTE: in later releases we will get them back via different interface. - How I did it Return False * lane_num for get_rx_los and get_tx_fault - How to verify it Added unit test
…3170 (sonic-net#12205) - Why I did it To include latest fixes and new functionality SAI fixes and new features fix #3205239, incorrect object type returned for SG child list Fix VRF-VNI map entries remove issue ECC health event and logging [Port Buffers] restore default queue and pg configuration when all user pools are deleted Fix EVPN type3 error on removal of uc/bc flood group Fix EVPN type2 MAC move from local to remote results in SAI failure Fix Disable learning on VXLAN tunnel Fix error on VXLAN v6 tunnel removal Fix port cannot apply schedule group when it is a lag member Fix BFD add more detailed message on BFD packet not related to any existing session gcc10 compilation fixes Disable learning on VXLAN tunnel Support BFD remote-disc exchange in negotiation stage Tunnel Loopback packet action attribute implementation (for Dual TOR) Add KVD resources MIN/MAX functionality (pending CRM issue with MIN only) Support for CRC2 hash algorithm Bulk counter support for PGs, queues Support mirror sample rate attribute (SPC2+) [Functional] [QoS] | Unable to remove SCHEDULE profile table even if there is no object referencing it Next hop group optimized bulk API Reduce verbosity of shared database already exists print Span mirror policer (SPC2+), optimize pipeline for acl mirror action with policer on SPC2+ use same size descriptor pool for rx/tx fix bfd - notify Sonic for admin-down event 2201 - empty list for supported fec for RJ45 ports Fix don't disable used tunnel underlay interfaces SDK fixes 100GbE FCI DAC (10137628-4050LF/HPE PN: 845408-B21) was recognized by mistake as supporting "cable burning' which caused the switch firmware to read page 0x9f (which unsupported in the cable) and to report this cable as having "bad eeprom". Added remote peer UDP port information in BFD packet event. After editing an ECMP, the resilient ECMP next-hop counter may not count correctly. Fixed potential memory leaks in some APIs related to LPM If TTL_CMD_COPY is used in Encap direction for a packet with no TTL, then the value passed in the ttl data structure will be used if non-zero (default 255 if zero). In SN2201: When configuring Force mode, user should configure Speed and FEC on both sides In Flex Tunnel encapsulation flow, if the encapsulation is with an IPv6 header, the flow label field may not be updated as expected. In some cases, when changing speed to 400GbE over 8 lanes, the first few packets would be dropped. In some traffic patterns involving small packets, the PortRcvErrors counter may mistakenly count events of local physical errors due to an internal flow in the hardware that involves link packets. On Spectrum systems, sometimes during link failure, not all previous firmware indications cleared properly, potentially affecting the next link up attempt. On the NVIDIA Spectrum-2 switch, when receiving a packet with Symbol Errors on ports that are configured to cut-thought mode, a pipeline might get stuck. PCI calibration changes from a static to a dynamic mechanism. SDK debug dump shows "Unknown" Counter in RFC3635 Counter Group. SDK debug dump shows "Unknown" Counter in the PPCNT Traffic Class Counter Group. SDK Dump missing column headers in some GC tables may result in difficulty understanding the dump. SLL configuration is missing in SDK dump. Spectrum-2 systems, do no support 1GbE on supported 40GbE modules. When binding a UDP port which is already in use for BFD TX session, the error message appears incorrectly. When Flex Tunnel was used, Flex Modifier sometimes experienced a brief mis-configuration during ISSU. When many ports are active (e.g. 70 ports up), and the configuration of shared buffer is applied on the fly, occasionally, the firmware might get stuck. When running 1GbE speeds on SN4600 system, the port remained active while peer side was closed. When toggling many ports of the Spectrum devices while raising 10GbE link up and link maintenance is enabled, the switch may get stuck and may need to be rebooted. When trying to reconfigure the Flex Parser header and Flex transition parameters after ISSU, the switch will returned an error even if the configuration was identical to that done before performing the ISSU. While toggling the cable, and the low power mode is set to ON, an unexpected PMPE event error is received. - How I did it Updated SDK/SAI submodule and relevant makefiles with the required versions. - How to verify it Build an image and run tests from "sonic-mgmt". Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
- Why I did it To update MFT package to the latest version. - How I did it Updated MFT_VERSION & MFT_REVISION in platform/mellanox/mft.mk. - How to verify it Build an image and deploy to the switch Check MFT version by dpkg -l | grep mft Verify that all the SONiC services up and running Run regression testing using tests from sonic-mgmt Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
…#12240) Why I did it Fix PR merge failed because 'vstest' step does not install libyang. How I did it Install libyang in azure pipeline. How to verify it Pass vstest step.
Implement input power psu API Report DC power output via API Add bootloader Component in API Fix issue where naming was not unique for Component
maipbui
force-pushed
the
master
branch
2 times, most recently
from
82055e4
to
6ca1339
Compare
maipbui
force-pushed
the
bui/test/semgrep
branch
2 times, most recently
from
4171180
to
ab05fb4
Compare
maipbui
force-pushed
the
master
branch
3 times, most recently
from
f1c8f6a
to
e890418
Compare
Signed-off-by: maipbui <maibui@microsoft.com>
maipbui
force-pushed
the
bui/test/semgrep
branch
from
ab05fb4
to
0e33bd8
Compare
This was referenced Sep 30, 2022
0a7557bd9 [minigraph] add option to specify golden path in load_minigraph (sonic-net#2350) 322aefc37 [GCU]Remove GCU unique lane check for duplicate lanes platforms (sonic-net#2343) 7099fffa7 [fastboot] fastboot enhancement: Use warm-boot infrastructure for fast-boot (sonic-net#2286) 09026edbb [warm-reboot] fix warm-reboot when /tmp/cache is missing (sonic-net#2367) a3c404c74 Fix typo in platform_sfputil_helper.is_rj45_port (sonic-net#2374) 637d834ce Vnet_route_check Vxlan tunnel route update. (sonic-net#2281) 29a3e5180 Added support for tunnel route status in show vnet routes all. (sonic-net#2341) 1ac584bb3 Use 'default' VRF when VRF name is not provided (sonic-net#2368) 4d377a620 [subinterface]Added additional checks in portchannel and subinterface commands (sonic-net#2345) bbcdf2ed7 disk_check: Publish event for RO state (sonic-net#2320) 3fd537b0a Support the bandit check by GitHub Action (sonic-net#2358) 491d3d380 [generate dump]Added error message when saisdkdump fails (sonic-net#2356) 6830e01ec [counterpoll]Fixing counterpoll show for tunnel and acl stats (sonic-net#2355) 3be2ad7de [fast-reboot]Avoid stopping masked services during fast-reboot (sonic-net#2335) 0e1b0cf20 [GCU] Fix missing backend in dry run (sonic-net#2347) 676c31bd0 Add verification for override (sonic-net#2305) 48997c266 Add Password Hardening CLI support (sonic-net#2338) 414e239ea update unit tests for swap allocator a91a4922f consider swap checking memory in installer f0ce58635 [route_check]: Ignore standalone tunnel routes (sonic-net#2325)
Why I did it azure.github.io/SONiC/ no longer works and returns 404 Not Found. Updated it to the correct sonic-net.github.io/SONiC/
…net#12130) - Why I did it Add NVIDIA Copyright header for new "NVIDIA" files - How I did it Add the copyright header as remark at the head of the file
Why I did it Add components data for sonic-mgmt testing How I did it Update platform.json and add platform_components.json How to verify it Ran sonic-mgmt tests (test_chassis and test_component)
Signed-off-by: maipbui <maibui@microsoft.com> #### Why I did it [Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings. Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule) #### How I did it Integrate Semgrep into this repository by committing a job configuration file #### How to verify it PR: #2 Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404) PR #2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859)
maipbui
added a commit
to sonic-net/sonic-utilities
that referenced
this pull request
Oct 3, 2022
Signed-off-by: maipbui <maibui@microsoft.com> #### Why I did it [Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings. Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule) #### How I did it Integrate Semgrep into this repository by committing a job configuration file #### How to verify it PR: maipbui/sonic-buildimage#2 Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404) PR maipbui/sonic-buildimage#2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859)
maipbui
added a commit
to sonic-net/sonic-ztp
that referenced
this pull request
Oct 3, 2022
Signed-off-by: maipbui <maibui@microsoft.com> #### Why I did it [Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings. Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule) #### How I did it Integrate Semgrep into this repository by committing a job configuration file #### How to verify it PR: maipbui/sonic-buildimage#2 Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404) PR maipbui/sonic-buildimage#2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859)
yxieca
pushed a commit
to sonic-net/sonic-utilities
that referenced
this pull request
Oct 3, 2022
Signed-off-by: maipbui <maibui@microsoft.com> #### Why I did it [Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings. Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule) #### How I did it Integrate Semgrep into this repository by committing a job configuration file #### How to verify it PR: maipbui/sonic-buildimage#2 Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404) PR maipbui/sonic-buildimage#2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859)
yxieca
pushed a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Oct 3, 2022
Signed-off-by: maipbui <maibui@microsoft.com> #### Why I did it [Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings. Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule) #### How I did it Integrate Semgrep into this repository by committing a job configuration file #### How to verify it PR: maipbui#2 Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404) PR maipbui#2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859)
- The Makefile.work becomes complex and it is very difficult to manage the changes across branches. - Restructured the Makefile.work and it becomes more readable. - Added $(QUIET) option to turn on command echo mode through command line option. - Exported the SONIC_BUILD_VARS variable, through which make options can be set dynamically. Eg: make SONIC_BUILD_VARS='INCLUDE_NAT=y'
Why I did it When sending a PR only CI change, as expected, the target target/python-wheels/buster/sonic_config_engine-1.0-py2-none-any.whl should be from the cache, because the depended files were not changed, but it rebuilt. How I did it Sort the files by name.
Updated the PR template with comment received on removing the reference link on GCU. Hence added text to show reference for GCU PR.
…12615) Why I did it Fixes sonic-net#12614 How I did it In the container_checker the database_chassis is added to expected container if device is supervisor To detect the device is superviso, add supervisor=1 to the platform_env.conf of 7808 sup platform How to verify it run container_checker monit check Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
686b9b1 Update Makefile to provision the ability of building with non-upstream patches (sonic-net#296) 3b95205 [patch]: Introduce sysctl param `arp_evict_no_carrier` (sonic-net#293) Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
…le (sonic-net#12602) - Why I did it Update SN2201 dynamic minimum fan speed table according to data provided by the thermal team. - How I did it Update the thermal table in device_data.py - How to verify it Run platform related regression Signed-off-by: Kebo Liu <kebol@nvidia.com>
…onic-net#12599) - Why I did it Fix logrotate firstaction script to reflect correct size. The size was modified to change dynamically based on disk size. However this variable was not updated sonic-net#9504 - How I did it Updated the variable based on disk size - How to verify it Verify in the generated rsyslog file if the variable is correctly generated from jinja template
sonic-host-services submodule update with following changes 6eac2d3 Merge pull request sonic-net#19 from judyjoseph/macsec_feature_enable 31c6108 Sync has_per_asic_scope attribute to config_db in all namespaces for multi-asic 185547f Add UT to improve coverage, for namespace config update 7c3aca0 macsec_supported info is part of DEVICE_RUNTIME_METADATA itself.
sonic-net#11998) * Use the macsec_enabled flag in platform to enable macesc feature state * Add macsec supported metadata in DEVICE_RUNTIME_METADATA
[sonic-linkmgrd][master] submodule update b3501d2 Jing Zhang Wed Nov 2 22:22:45 2022 -0700 [active-standby][active-active] update link prober stats updating frequency to 30s (sonic-net#152) 5d546ec Jing Zhang Tue Nov 1 16:12:17 2022 -0700 [202205] incrementing icmp buffer size (sonic-net#150) 76b128a Jing Zhang Tue Nov 1 12:06:21 2022 -0700 [Active-Active] periodically re-sync soc side admin forwarding state (sonic-net#151) sign-off: Jing Zhang zhangjing@microsoft.com
…-net#12627) add platform.json separately for LC6 that has different name, bc of supporting macsec Signed-off-by: Wenyi Zhang <wenyizhang@microsoft.com>
Why I did it Unify the Debian mirror sources Make easy to upgrade to the next Debian release, not source url code change required. Support to customize the Debian mirror sources during the build Relative issue: sonic-net#12523
…', or missing. (sonic-net#12588) bgpd.main.conf.j2: bugfix-9739 * Update bgpd.main.conf.j2 to gracefully handle the bgp configuration cases for when 'bgp_asn' is set to 'None', 'Null', or missing. How I did it Include a conditional statement to avoid configuring bgp in FRR when 'bgp_asn' is missing or set to 'None' or 'Null' How to verify it Configure 'bgp_asn' as 'None', 'Null' or have it missing from configurations and verify that /etc/frr/bgpd.conf does not have invalid bgp configurations like 'router bgp None' Description for the changelog Update bgpd.main.conf.j2 to gracefully handle the bgp configuration cases for when 'bgp_asn' is set to 'None', 'Null', or missing for bugfix 9739. Signed-off-by: cchoate54@gmail.com
* Build docker-gbsyncd-broncos image
* Correct typo in LIBSAI_BRONCOS_URL_PREFIX
* Update docker-gbsyncd-broncos/Dockerfile.j2
* Enable debug shell support on docker-gbsyncd-broncos
* Include bcmsh in docker-gbsyncd-broncos
Why I did it
In docker-gbsyncd-broncos image, enable debug shell support for BRCM broncos PHY.
How I did it
How to verify it
Note: need enable attr SAI_SWITCH_ATTR_SWITCH_SHELL_ENABLE support in BCM PAI library
# bcmsh
Press Enter to show prompt.
Press Ctrl+C to exit.
NOTICE: Only one bcmsh or bcmcmd can connect to the shell at same time.
BRCM:> help
help
List of available commands
- h or help => Print command menu
- l => Print list of active ports on the PHY
- ps <port_id> <options> => Print port status
<options> => 1 -> Link status
=> 2 -> Link training failure status
=> 3 -> Link training RX status
=> 4 -> PRBS lock status
=> 5 -> PRBS lock loss status
- rd <port_id> <addr> <no of registers to read> => Read register contents
- wr <port_id> <addr> <data> => Write register data
- rrd <lanemap> <if_side> <addr> <no of registers to read> => Raw read register contents using lanemap and if_side (line = 0, system = 1)
- rwr <lanemap> <if_side> <addr> <data> => Raw write register data using lanemap and if_side (line = 0, system = 1)
- fw or firmware => Print firmware version of the PHY
- pd or port_dump <port_id> <flags> => Dump port status
- eyescan <port_id> => Display eye scan
- fec_status <port_id> => Get fec status of the port
- polarity <lanemap> <if_side> <TX polarity> <RX Polarity> => Set TX and RX polarity
<lanemap> => 0xF, 0xFF, or 0xFFFF based on number of lanes
<if_side > => Line = 0, System = 1
<TX/RX Polarity> =>_TX/RX Polarity bitmap of all lanes
Each bit represents a lane number.
E.g. Lane 0's polarity value (0 or 1) is populated in Bit 0.
- polarity <lanemap> <if_side> => Print TX and RX polarity
- lb <port_id> <lb_value> => Enable loopback on the port
lb_value = 0 -> Disable, 1 -> PHY, 2 -> MAC
- lb <port_id> => Print loopback configuration of the port
- prbs <port_id> <options> <val> => Set/Get PRBS configuration
<options> => 1 -> Get PRBS state and polynomial
2 -> Set PRBS Polynomial, <val> - PRBS Polynomial
Please refer to phy/chip documentation for valid values
3 -> Enable PRBS
<val> => 0 Disable PRBS
1 Enable both PRBS Transmitter and Receiver
2 Enable PRBS Receiver
3 Enable PRBS Transmitter
exit or q => Exit the diagnostic shell
Why I did it DX010 platform has limited routing table size. How I did it Enabling LPM. Signed-off-by: Ying Xie <ying.xie@microsoft.com>
Why I did it nameserver and domain entries from build system fsroot gets into sonic image. How I did it Clear /etc/resolv.conf before building image How to verify it Built image with it and verified with install that /etc/resolv.conf is empty
Why I did it syseepromd in pmon crashes because of missing import in python script and doesn't get in running state How I did it Fix missing import issue to avoid python script failing How to verify it Boot system and wait till syseepromd gets into running state Which release branch to backport (provide reason below if selected) 201811 201911 202006 202012 202106 202111 202205
…c-net#12648) Why I did it DHCP relay feature needs to be enabled for BmcMgmtToRRouter by default How I did it Update device type list
…et#12651) Migrate t0-sonic test jobs to TestbedV2. Why I did it Migrate t0-sonic test jobs to TestbedV2. How I did it Add two parameters to create testplan. Modify azure-pipelines.yml to run t0-sonic on tbv2. Signed-off-by: Yutong Zhang <yutongzhang@microsoft.com>
Advance sonic-swss submodule to pick up new commits: dbdf31c [counters] Improve performance by polling only configured ports buffer queue/pg counters sonic-net/sonic-swss#2473 ab4f804 [portsorch] remove port OID from saiOidToAlias map on port deletion sonic-net/sonic-swss#2483 ab29920 [QoS] Support dynamic headroom calculation for Barefoot platforms sonic-net/sonic-swss#2412 15beee4 Add support for voq counters in portsorch. sonic-net/sonic-swss#2467 c8d4905 [vlanmgr] Disable arp_evict_nocarrier for vlan host intf sonic-net/sonic-swss#2469 31c9321 [chassis][voq]Collect counters for fabric links sonic-net/sonic-swss#1944 Signed-off-by: Kebo Liu <kebol@nvidia.com>
sonic-net#12639) * Advance submodule sonic-utilities d5a6da31 Do not configure physical attributes on port channels in portconfig (sonic-net#2456) 48ee7722 Change db_migrator major version on master branch from version 3 to 4 (sonic-net#2470) f3746163 [GCU] Fix JsonPointerFilter bug (sonic-net#2477) 58dbb3e6 YANG Validation for ConfigDB Updates: TACPLUS, TACPLUS_SERVER, AAA, VLAN_SUB_INTERFACE tables + decorated validated_mod_entry (sonic-net#2452) 062f18a0 fix show interface neighbor expected empty issue (sonic-net#2465) 569edf3b Fix display disorder problem of show mirror_session (sonic-net#2447) daaf0ffc Disable "tag as local" when reboot (sonic-net#2451) 6621120b Fix sudo sfputil show error-status on a multiasic platform issue (sonic-net#2373) e8b1dcdf Add IP remove warnings for VRF commands (sonic-net#2351) 40cc8e11 [scripts/generate_dump] add information to tech-support file (sonic-net#2357) 8473517e Revert "[config reload]: On dual ToR systems, cache ARP and FDB table (sonic-net#2460) Signed-off-by: Stephen Sun <stephens@nvidia.com> * Advance sonic-platform-common aa86083 Fix issue: rounding float value for txpower and rxpower (sonic-net#320) 2052a63 Fix issue: copper cable should not display DOM information (sonic-net#318) cf4c6af CmisApi::get_application_advertisement catch AttributeError as well (sonic-net#316) Signed-off-by: Stephen Sun <stephens@nvidia.com> Signed-off-by: Stephen Sun <stephens@nvidia.com>
…-net#12668) Migrate multi-asic test jobs to TestbedV2. Why I did it Migrate multi-asic test jobs to TestbedV2. How I did it Add one parameter num_asic to create testplan. Modify azure-pipelines.yml to run multi-asic on tbv2. Signed-off-by: Yutong Zhang <yutongzhang@microsoft.com>
Why I did it Stopping of pmon after swss and syncd causes some ERROR logs in syslog. Also, this affects teamd downtime. How I did it Adjust warmboot shutdown order in make file How to verify it Build SONiC image, deploy to the target device and check /etc/sonic/warm-reboot_order content. lldp mux nat radv sflow bgp pmon swss teamd syncd
swss update with following commits: 81f4ea9 orchagent/portsorch: Missing scheduler group after SWSS restart (sonic-net#2174) e557855 [SWSS] Innovium platform specific changes in PFC Detect lua script (sonic-net#2493) 6e288dc New P4Orch development. (sonic-net#2425) ab0e474 swss: Fixing race condition for rif counters (sonic-net#2488) 724f914 [tests] [asan] extend graceful stop flag to also stop syncd (sonic-net#2491) 84642f3 [Dynamic buffer calculation][Mellanox] Enhance the logic to identify buffer pools and profiles (sonic-net#2498) e04bb43 Fix vs test issue: failed to remove vlan due to referenced by vlan interface (sonic-net#2504) 52c561f Added LAG member check on addLagMember() (sonic-net#2464)
Signed-off-by: maipbui <maibui@microsoft.com>
preetham-singh
pushed a commit
to preetham-singh/sonic-utilities
that referenced
this pull request
Nov 21, 2022
Signed-off-by: maipbui <maibui@microsoft.com> #### Why I did it [Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings. Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule) #### How I did it Integrate Semgrep into this repository by committing a job configuration file #### How to verify it PR: maipbui/sonic-buildimage#2 Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404) PR maipbui/sonic-buildimage#2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859)
malletvapid23
added a commit
to malletvapid23/Sonic-Utility
that referenced
this pull request
Aug 3, 2023
Signed-off-by: maipbui <maibui@microsoft.com> #### Why I did it [Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings. Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule) #### How I did it Integrate Semgrep into this repository by committing a job configuration file #### How to verify it PR: maipbui/sonic-buildimage#2 Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404) PR maipbui/sonic-buildimage#2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.