
Add alerts on slack for new "Security" issues #44382

Open
potiuk opened this issue Nov 26, 2024 · 4 comments · May be fixed by #45351
Assignees
Labels
provider:slack security Security issues that must be fixed

Comments

@potiuk
Member

potiuk commented Nov 26, 2024

There is a "security" tab in the airflow repository where code scanning produces new issues discovered in our code.

In order to draw attention to it, we should have an automation to post Slack messages in a private "security" channel - this, similarly to the case of main failures, might help us with more "group" handling of noticing and handling such security reports.
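One way to wire this up, as an added example that is not part of the issue and not the Airflow project's own workflow: a GitHub Actions workflow that fires on the `code_scanning_alert` event (a real workflow trigger, delivered only when the workflow file is on the default branch) and posts a short summary to a Slack incoming webhook. The secret name `SECURITY_SLACK_WEBHOOK_URL`, the workflow name and the alert-type filter are assumptions. Alert fields are passed into the step through environment variables and serialised with `jq`, rather than interpolated straight into the `run:` script, so that rule descriptions or other alert text under GitHub's control can never be executed as shell.

```yaml
# Added example, not the project's own workflow.
# Posts a Slack message whenever code scanning opens or reopens an alert.
name: Security alert to Slack

on:
  code_scanning_alert:
    types: [created, reopened]

permissions:
  contents: read

jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - name: Post alert summary to the private security channel
        env:
          # Assumed secret holding the Slack incoming-webhook URL.
          SLACK_WEBHOOK_URL: ${{ secrets.SECURITY_SLACK_WEBHOOK_URL }}
          # Fields from the code_scanning_alert event payload.
          ALERT_NUMBER: ${{ github.event.alert.number }}
          ALERT_URL: ${{ github.event.alert.html_url }}
          ALERT_RULE: ${{ github.event.alert.rule.description }}
          ALERT_SEVERITY: ${{ github.event.alert.rule.severity }}
          ALERT_TOOL: ${{ github.event.alert.tool.name }}
          ALERT_ACTION: ${{ github.event.action }}
          REPO: ${{ github.repository }}
        run: |
          set -euo pipefail
          # Build the JSON body with jq so untrusted text is escaped, never eval'd.
          payload=$(jq -n \
            --arg repo "$REPO" \
            --arg action "$ALERT_ACTION" \
            --arg number "$ALERT_NUMBER" \
            --arg url "$ALERT_URL" \
            --arg rule "$ALERT_RULE" \
            --arg severity "$ALERT_SEVERITY" \
            --arg tool "$ALERT_TOOL" \
            '{text: ("[" + $repo + "] code scanning alert #" + $number
                     + " " + $action + " (" + $tool + ", severity: " + $severity + ")\n"
                     + $rule + "\n" + $url)}')
          # -f makes a non-2xx response fail the step so a broken webhook is noticed.
          curl -sf -X POST -H 'Content-type: application/json' \
            --data "$payload" "$SLACK_WEBHOOK_URL"
```

The webhook URL stays in a repository or organisation secret, and the job asks only for `contents: read`; posting to Slack needs no write scope on the repository. Filtering `types` to `created` and `reopened` keeps the channel quiet when alerts are fixed or dismissed.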

@potiuk potiuk converted this from a draft issue Nov 26, 2024
@potiuk
Member Author

potiuk commented Nov 26, 2024

cc: @amoghrajesh - when you have time :)

@dosubot dosubot bot added provider:slack security Security issues that must be fixed labels Nov 26, 2024
@eladkal
Contributor

eladkal commented Nov 26, 2024

Maybe we can find a way for the scanner to run on the PR directly before we merge it?

@potiuk
Member Author

potiuk commented Nov 27, 2024

Maybe we can find a way for the scanner to run on the PR directly before we merge it?

Yes, good point. https://github.com/apache/airflow/blob/main/.github/workflows/codeql-analysis.yml likely needs to be updated to work on pull requests as well. I am not sure if it is going to work on pull requests from forks - but there does not seem to be a limitation mentioned for it, and it needs only "read-content" permission: https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests
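For reference, the shape such a change takes, as an added example rather than the Airflow repository's actual `codeql-analysis.yml`: a CodeQL workflow triggered on `pull_request` in addition to `push`, using the real `github/codeql-action` `init` and `analyze` steps. The branch name, the language matrix and the cron schedule are assumptions. Besides `contents: read`, the `analyze` step uploads SARIF results to code scanning and therefore declares `security-events: write`, which is what GitHub's own starter workflow for CodeQL requests.

```yaml
# Added example of a CodeQL workflow that also runs on pull requests;
# not the project's own codeql-analysis.yml.
name: CodeQL

on:
  push:
    branches: [main]          # assumed default branch
  pull_request:
    branches: [main]          # analyse PRs targeting main before merge
  schedule:
    - cron: '0 6 * * 1'       # assumed weekly full scan

permissions:
  actions: read
  contents: read
  security-events: write      # required for analyze to upload results

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: [python, javascript]   # assumed set of languages
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          # One category per language so results from each matrix leg
          # are stored separately instead of overwriting each other.
          category: "/language:${{ matrix.language }}"
```

With the `pull_request` trigger in place, alerts introduced by a PR appear as annotations on the PR itself, so they can be triaged before merge rather than after the fact on the "Security" tab.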

@potiuk
Member Author

potiuk commented Nov 27, 2024

#44404 -> seems to work out of the box.

@amoghrajesh amoghrajesh self-assigned this Nov 27, 2024
@potiuk potiuk moved this from Ready to In progress in CI / DEV ENV planned work Nov 30, 2024
@amoghrajesh amoghrajesh linked a pull request Jan 2, 2025 that will close this issue
Projects
Status: In progress

3 participants