From 7355d4a68b3edcc908d1164d4a2079428088a292 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wojciech=20B=C4=85czkowski?=
Date: Mon, 23 May 2022 11:15:46 +0200
Subject: [PATCH 1/4] Skip unnecessary docker containers creation.
---
 docker-compose.yml | 55 +++++++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 27 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 7fe73e8..2717bf2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,33 +1,34 @@
 version: "2"
 services:
- zookeeper:
- image: confluentinc/cp-zookeeper:3.2.2
- environment:
- ZOOKEEPER_CLIENT_PORT: "2181"
- zk_id: "1"
- ports:
- - "2181:2181"
- kafka:
- hostname: kafka
- image: confluentinc/cp-kafka:3.2.2
- links:
- - zookeeper
- ports:
- - "9092:9092"
- environment:
- KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181"
- KAFKA_ADVERTISED_LISTENERS: "PLAINTEXT://:9092"
- schema-registry:
- image: confluentinc/cp-schema-registry:3.2.2
- links:
- - kafka
- - zookeeper
- ports:
- - "8081:8081"
- environment:
- SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: "zookeeper:2181"
- SCHEMA_REGISTRY_HOST_NAME: "schema-registry"
+ # for future e2e testing
+ # zookeeper:
+ # image: confluentinc/cp-zookeeper:3.2.2
+ # environment:
+ # ZOOKEEPER_CLIENT_PORT: "2181"
+ # zk_id: "1"
+ # ports:
+ # - "2181:2181"
+ # kafka:
+ # hostname: kafka
+ # image: confluentinc/cp-kafka:3.2.2
+ # links:
+ # - zookeeper
+ # ports:
+ # - "9092:9092"
+ # environment:
+ # KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181"
+ # KAFKA_ADVERTISED_LISTENERS: "PLAINTEXT://:9092"
+ # schema-registry:
+ # image: confluentinc/cp-schema-registry:3.2.2
+ # links:
+ # - kafka
+ # - zookeeper
+ # ports:
+ # - "8081:8081"
+ # environment:
+ # SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: "zookeeper:2181"
+ # SCHEMA_REGISTRY_HOST_NAME: "schema-registry"
 scylladb:
 image: scylladb/scylla
 hostname: scylladb/scylla
From ffff237832417683a6c68cee399d91e143b32e3f Mon Sep 17 00:00:00 2001
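Review bot: The block kept as comments in docker-compose.yml still carries the port mappings `"2181:2181"`, `"9092:9092"` and `"8081:8081"` with no bind address, and Docker publishes such mappings on every host interface; the visible environment also sets only a PLAINTEXT Kafka listener and no authentication. Whoever uncomments it for e2e testing inherits that exposure, so the marker comment should say so, for example `# for future e2e testing; bind ports to 127.0.0.1 (e.g. "127.0.0.1:9092:9092") before re-enabling`. The images are pinned to 3.2.2, so they presumably need a version review at that point too. The `services:` mapping continues past the end of this hunk (the `scylladb` service is cut off).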
From: Piotr Grabowski
Date: Thu, 7 Dec 2023 19:19:12 +0100
Subject: [PATCH 2/4] Bump Snappy version
Bump Snappy version to 1.1.10.4. The previous version was flagged by security scanners with CVE-2023-43642.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 0c57cbe..4c24232 100644
--- a/pom.xml
+++ b/pom.xml
@@ -297,7 +297,7 @@
 org.xerial.snappy
 snappy-java
- 1.1.10.1
+ 1.1.10.4
From a36ec88b998e8b6f04ccb9f82cb1b357f8c639c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wojciech=20B=C4=85czkowski?=
Date: Fri, 29 Sep 2023 15:27:51 +0200
Subject: [PATCH 3/4] Add daily vulnerability scan
Adds a workflow that will run trivy scanner daily at 16:44. Looks for CVEs with at least MEDIUM severity.
---
 .github/workflows/trivy.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/trivy.yml
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 0000000..b5bcb3f
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,24 @@
+name: Vulnerability scan
+
+on:
+ schedule:
+ - cron: "44 16 * * *"
+ push:
+ pull_request:
+
+jobs:
+ build:
+ name: Trivy fs scan
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run trivy in fs mode
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: false
+ severity: 'CRITICAL,HIGH,MEDIUM'
From 7d49d3d814c0b5962d1de66ec09c8778293e0061 Mon Sep 17 00:00:00 2001
From: Piotr Grabowski
Date: Fri, 8 Dec 2023 15:48:57 +0100
Subject: [PATCH 4/4] Bump version number to 1.1.1
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 4c24232..f990f07 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 io.kafka.connect
 kafka-connect-scylladb
 kafka-connect-scylladb
- 1.1.0
+ 1.1.1
 A Kafka Connect plugin for Scylla Database
 https://github.com/scylla/kafka-connect-scylladb
 2020
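Review bot: The step `uses: aquasecurity/trivy-action@master` in .github/workflows/trivy.yml tracks a mutable branch, so whatever lands on that branch runs in this repository's CI on every push, pull request and daily schedule. Pin it to a full commit SHA with the release noted in a trailing comment, `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>` (placeholders; the page gives no value). The workflow also declares no `permissions:` key, so the job token keeps the repository's default scope; a filesystem scan should need only a top-level `permissions:` with `contents: read`. `actions/checkout@v4` is a movable tag as well and can be pinned the same way.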