Commit Graph

16 Commits

Author SHA1 Message Date
Michael Zalimeni cc959dcdf4
security: triage false positive for go-jose/v3 (#20901)
Per https://osv.dev/vulnerability/GO-2024-2631 this vulnerability is not
present in the version currently used (go-jose/v3@3.0.3).
2024-03-26 21:27:50 +00:00
Michael Zalimeni f942f2dc18
security: fix syntax for release scan config (#20279)
Correct syntax errors introduced in #20264.
2024-01-19 17:08:54 +00:00
Michael Zalimeni b03d770dc3
security: disable Vault secret scans due to false positives (#20264)
This was recently shown to have issues with false positives that blocked
a preview release build, so disabling for now.
2024-01-19 04:00:54 +00:00
Michael Zalimeni d0bc091a60
[NET-6969] security: Re-enable Go Module + secrets security scans for release branches (#19978)
* security: re-enable security scan release block

This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.

* security: run security scans on main and release branches
2023-12-21 15:11:05 +00:00
Semir Patel 53e28a4963
OSS -> CE (community edition) changes (#18517) 2023-08-22 09:46:03 -05:00
hashicorp-copywrite[bot] 5fb9df1640
[COMPLIANCE] License changes (#18443)
* Adding explicit MPL license for sub-package

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Adding explicit MPL license for sub-package

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Updating the license from MPL to Business Source License

Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.

* add missing license headers

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 09:12:13 -04:00
Ronald e818fdead0
Copyright headers for config files git + circleci (#16703)
* Copyright headers for config files git + circleci

* Release folder copyright headers
2023-03-22 09:17:19 -04:00
Michele Degges 977c6e58de
Turn off sec-scanner check (#13614) 2022-06-27 15:52:51 -07:00
Michele Degges 862ca16301
Update security scanner (#12281) 2022-02-07 12:53:46 -08:00
Claire Labry 12fc63d11c
clean up from testing 2022-02-04 14:59:30 -05:00
Claire Labry 092a27e84d
turning go modules to false due to jwt issue 2022-02-04 14:22:25 -05:00
Claire Labry 20e4f73649
reverting changes for the container + binary blocks 2022-02-04 14:05:28 -05:00
Claire Labry b62c3b4fbc
updating the binary and container blocks in security-scan file 2022-02-04 10:22:37 -05:00
Claire Labry d66f4da7f0
clean up after testing 2022-01-06 09:43:35 -05:00
Claire Labry 1e9b621b00
testing out turining go modules false 2021-12-17 10:20:52 -05:00
Claire Labry 61eca6513b
enabling security scan for CRT 2021-12-16 11:49:22 -05:00