Document or Disable the Snyk Security/License Checks #1507

Open
dave-tucker opened this issue Jun 10, 2024 · 2 comments
Labels
kind/bug report bug issue

Comments

@dave-tucker
Collaborator

What happened?

#1438 failed CI on the Snyk checks.
There is no information available for:

  1. What these checks do
  2. What a contributor can do to address the concerns

What did you expect to happen?

If CI is failing, I expect to get some signal as to what is wrong and how it can be fixed.

How can we reproduce it (as minimally and precisely as possible)?

N/A

Anything else we need to know?

No response

Kepler image tag

N/A

Kubernetes version

N/A

```console
$ kubectl version
# paste output here
```

Cloud provider or bare metal

N/A

OS version

```console
# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here
```

Install tools

N/A

Kepler deployment config

For on kubernetes:

```console
$ KEPLER_NAMESPACE=kepler

# provide kepler configmap
$ kubectl get configmap kepler-cfm -n ${KEPLER_NAMESPACE}
# paste output here

# provide kepler deployment description
$ kubectl describe deployment kepler-exporter -n ${KEPLER_NAMESPACE}
```

For standalone:

put your Kepler command argument here

Container runtime (CRI) and version (if applicable)

Related plugins (CNI, CSI, ...) and versions (if applicable)

@dave-tucker dave-tucker added the kind/bug report bug issue label Jun 10, 2024
@dave-tucker
Collaborator Author

@rootfs can you shed some light on what these are for?

They are showing up on PRs as failing checks for $reasons.
After I got access to see what is going on, some of it was valid and some of it was utter nonsense.
If they can't reliably pass/fail and give clear instructions on remediation, they should be removed from the PR CI jobs.
They could be run as part of the scheduled build though.

@dave-tucker
Collaborator Author

Noting that Snyk is hallucinating hard on #1538:

  • It's complaining that we use github.com/hashicorp/go-version, which is MPL-2.0. It is nowhere in our dependency tree.
  • Then it's complaining about vulnerabilities in github.com/docker/docker/integration/network/macvlan, github.com/docker/docker/integration/network/ipvlan, github.com/docker/docker/integration/networking, and github.com/docker/docker/libnetwork/osl, which also aren't in our dependency tree.

I'm going to change the webhook to only run on main for now until we can figure out what is up

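The findings above are the kind a contributor has to triage by hand: a module or package flagged by a scanner that does not appear to be in the build. The program below is an added example, not code from the Kepler repository or from the Snyk integration. It parses `go mod graph` output and, for each flagged module or package path, either prints the requirement chain from the main module that pulls it in or reports that nothing reaches it. The graph is a constructed sample (the main module `example.com/app`, the module versions and the edges are invented); on a real checkout you would feed it the actual `go mod graph` output instead.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// sampleGraph is a constructed stand-in for `go mod graph` output; it is not
// Kepler's real module graph. Each line is "<parent> <child>" and the main
// module carries no @version suffix.
const sampleGraph = `example.com/app github.com/docker/docker@v24.0.0
example.com/app github.com/prometheus/client_golang@v1.17.0
github.com/docker/docker@v24.0.0 github.com/opencontainers/image-spec@v1.1.0
github.com/prometheus/client_golang@v1.17.0 github.com/prometheus/common@v0.45.0
github.com/opencontainers/image-spec@v1.1.0 github.com/opencontainers/go-digest@v1.0.0
`

// Graph maps a module node ("path@version") to the nodes it requires.
type Graph map[string][]string

// ParseModGraph turns `go mod graph` text into an adjacency list.
func ParseModGraph(s string) Graph {
	g := Graph{}
	sc := bufio.NewScanner(strings.NewReader(s))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) != 2 {
			continue // blank or malformed line
		}
		g[fields[0]] = append(g[fields[0]], fields[1])
	}
	return g
}

// modPath strips the @version suffix so a scanner finding, reported by path,
// can be compared with versioned graph nodes.
func modPath(node string) string {
	if i := strings.Index(node, "@"); i >= 0 {
		return node[:i]
	}
	return node
}

// matches reports whether a graph node is the module named by target, or the
// module that would contain target when target is a package path
// (e.g. github.com/docker/docker/libnetwork/osl lives in github.com/docker/docker).
func matches(node, target string) bool {
	m := modPath(node)
	return m == target || strings.HasPrefix(target, m+"/")
}

// PathTo runs a breadth-first search from root and returns the shortest
// requirement chain ending at a node matching target, or nil when no node
// reaches it, i.e. the flagged module is not in the dependency tree.
func PathTo(g Graph, root, target string) []string {
	parent := map[string]string{root: ""}
	queue := []string{root}
	for len(queue) > 0 {
		node := queue[0]
		queue = queue[1:]
		if matches(node, target) {
			var path []string
			for n := node; n != ""; n = parent[n] {
				path = append([]string{n}, path...)
			}
			return path
		}
		for _, child := range g[node] {
			if _, seen := parent[child]; !seen {
				parent[child] = node
				queue = append(queue, child)
			}
		}
	}
	return nil
}

func main() {
	g := ParseModGraph(sampleGraph)
	// Flagged paths of the two kinds seen in the comment above: a module that
	// is absent, and a package inside a module that is present.
	for _, flagged := range []string{
		"github.com/hashicorp/go-version",
		"github.com/docker/docker/integration/network/macvlan",
	} {
		if p := PathTo(g, "example.com/app", flagged); p == nil {
			fmt.Printf("%s: not reachable from the main module; challenge the finding\n", flagged)
		} else {
			fmt.Printf("%s: pulled in via %s\n", flagged, strings.Join(p, " -> "))
		}
	}
}
```

Two caveats when reading the result. A module being reachable in `go mod graph` does not mean a particular package in it is compiled; `go list -deps ./...` is the package-level check, and `go mod why -m <module>` gives the same chain as `PathTo` straight from the toolchain. Conversely, `go.sum` lists checksums for more modules than end up in the build list, so a scanner that reads `go.sum` rather than the module graph can report modules that no package in the repository imports; a nil path here is the evidence to attach when disputing such a finding.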