Skip to content

Update CVE scan actions to support mandatory OSS Index authentication#1765

Merged
stonesmi merged 21 commits intofinos:mainfrom
stonesmi:issue_1764
Sep 23, 2025
Merged

Update CVE scan actions to support mandatory OSS Index authentication#1765
stonesmi merged 21 commits intofinos:mainfrom
stonesmi:issue_1764

Conversation

@stonesmi
Copy link
Copy Markdown
Contributor

@stonesmi stonesmi commented Sep 23, 2025
edited
Loading

Since September 22nd, there is no longer anonymous access to the CVE database: https://ossindex.sonatype.org/doc/auth-required

I have updated the github actions to check whether credentials are present, and only then to run the scan jobs.

For your local forks, you will need to register at https://ossindex.sonatype.org/user/register and then add two new secrets for Actions, for those jobs to do anything.

OSS_INDEX_USERNAME
OSS_INDEX_API_KEY

@netlify
Copy link
Copy Markdown

netlify bot commented Sep 23, 2025
edited
Loading

Deploy Preview for papaya-valkyrie-395400 canceled.

Name Link
🔨 Latest commit 190c28c
🔍 Latest deploy log https://app.netlify.com/projects/papaya-valkyrie-395400/deploys/68d29d52db8d0a0008eb5a78

@stonesmi
Update Node CVE scanning workflow (finos#1764)
7e531f6
@stonesmi
Update Node CVE scanning workflow (finos#1764)
14f92ad
@stonesmi
Update Node CVE scanning workflow (finos#1764)
c8eee87
@stonesmi
Update Node CVE scanning workflow (finos#1764)
7ce24d4
@stonesmi
Update Node CVE scanning workflow (finos#1764)
df207f5
@stonesmi
Update Node CVE scanning workflow (finos#1764)
edba682
@stonesmi
Update Node CVE scanning workflow (finos#1764)
db2470c
@stonesmi
Update Node CVE scanning workflow (finos#1764)
4ba0dd3
@stonesmi
Update Node CVE scanning workflow (finos#1764)
46bb319
@stonesmi
Update Node CVE scanning workflow (finos#1764)
aa8c0e8
@stonesmi
Update Node CVE scanning workflow (finos#1764)
d723e62
@stonesmi
Update Node CVE scanning workflow (finos#1764)
786957d
@stonesmi
Update Node CVE scanning workflow (finos#1764)
49582b1
@stonesmi
Update Node CVE scanning workflow (finos#1764)
94f943e
@stonesmi
Update Node CVE scanning workflow (finos#1764)
190c28c
@stonesmi stonesmi marked this pull request as ready for review September 23, 2025 13:22
@stonesmi stonesmi requested a review from heswell September 23, 2025 13:22
@stonesmi stonesmi changed the title Update to support OSS Index authentication Update CVE scan actions to support mandatory OSS Index authentication Sep 23, 2025
@stonesmi stonesmi merged commit 91681ab into finos:main Sep 23, 2025
13 checks passed
@stonesmi stonesmi mentioned this pull request Sep 24, 2025
Closed
@stonesmi stonesmi deleted the issue_1764 branch September 24, 2025 18:19
@stonesmi stonesmi added the tools Tooling to support Vuu features label Oct 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tanjjj tanjjj tanjjj approved these changes

@heswell heswell Awaiting requested review from heswell

Assignees

No one assigned

Labels

tools Tooling to support Vuu features

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stonesmi @tanjjj