fix: name change from qualityTrace to qualitytrace #10

Merged
merged 11 commits into from
Jun 8, 2024

fix: remove debugs

3174b84
DryRunSecurity / Sensitive Files Analyzer succeeded Jun 3, 2024 in 1s

DryRun Security


Sensitive Files Analyzer Findings: 3 detected

⚠️ Potential Sensitive File: Dockerfile
Type: Potential Sensitive File
Description: Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename: Dockerfile
CodeLink: https://github.com/intelops/qualitytrace/blob/3174b84328593e0df078bfba6e1695cb5c356ffa/Dockerfile#L0-L-1
⚠️ Potential Sensitive File: Makefile
Type: Potential Sensitive File
Description: Makefiles tend to influence the behavior of the executing program and can have security consequences if applied incorrectly. For example, having the ability to run commands that could be irreversible such as rm -rf /, changing file permissions, tampering with dependencies, and more.
Filename: Makefile
CodeLink: qualitytrace/Makefile, lines 1 to 27 in 3174b84

export VERSION?=dev
export TRACETEST_DEFAULT_CLOUD_ENDPOINT=https://app.qualitytrace.io
export TAG?=$(VERSION)
# GORELEASER_VERSION=1.23.0
PROJECT_ROOT=${PWD}
# CURRENT_GORELEASER_VERSION := $(shell goreleaser --version | head -n 9 | tail -n 1 | tr -s ' ' | cut -d' ' -f2-)
# goreleaser-version:
# ifneq "$(CURRENT_GORELEASER_VERSION)" "$(GORELEASER_VERSION)"
# 	@printf "\033[0;31m Bad goreleaser version $(CURRENT_GORELEASER_VERSION), please install $(GORELEASER_VERSION)\033[0m\n\n"
# 	@printf "\033[0;31m Tracetest requires goreleaser pro installed (licence not necessary for local builds)\033[0m\n\n"
# 	@printf "\033[0;33m See https://goreleaser.com/install/ \033[0m\n\n"
# endif
CLI_SRC_FILES := $(shell find cli -type f)
dist/qualitytrace: generate-cli $(CLI_SRC_FILES)
	env GOOS=linux CGO_ENABLED=0 GO111MODULE=on go build -o qualitytrace cli/main.go
SERVER_SRC_FILES := $(shell find server -type f)
dist/qualitytrace-server: generate-server $(SERVER_SRC_FILES)
	@echo "Choose a command run:"
	env GOOS=linux CGO_ENABLED=0 GO111MODULE=on go build -o qualitytrace-server server/main.go
web/node_modules: web/package.json web/package-lock.json
	cd web; npm install
⚠️ Potential Sensitive File: agent/Dockerfile
Type: Potential Sensitive File
Description: Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename: agent/Dockerfile
CodeLink:
ARG TRACETEST_VERSION=latest
FROM intelops/qualitytrace:${TRACETEST_VERSION}
WORKDIR /app
ENV TRACETEST_API_KEY ""
ENTRYPOINT [ "qualitytrace", "start", "--api-key", "$TRACETEST_API_KEY" ]