Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: added code scanning through CodeQL #4805

Merged
merged 4 commits into from
Jul 25, 2024
Merged

feat: added code scanning through CodeQL #4805

merged 4 commits into from
Jul 25, 2024

Conversation

mohamedzeidan2021
Copy link
Contributor

Issue #, if available:

Description of changes:
CodeQL is a tool directly integrated within GitHub that will try and find vulnerabilities within our code. Once enabled, the file being merged will set up the job, run the tool, and post the vulnerability findings for the team to look at.

Testing done:
Ensured it ran correctly within my fork, and reviewed the vulnerabilities found.

Merge Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your pull request.

General

  • [ x] I have read the CONTRIBUTING doc
  • [ x] I certify that the changes I am introducing will be backward compatible, and I have discussed concerns about this, if any, with the Python SDK team
  • [ x] I used the commit message format described in CONTRIBUTING
  • I have passed the region in to all S3 and STS clients that I've initialized as part of this change.
  • I have updated any necessary documentation, including READMEs and API docs (if appropriate)

Tests

  • I have added tests that prove my fix is effective or that my feature works (if appropriate)
  • I have added unit and/or integration tests as appropriate to ensure backward compatibility of the changes
  • I have checked that my tests are not configured for a specific region or account (if appropriate)
  • I have used unique_name_from_base to create resource names in integ tests (if appropriate)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@mohamedzeidan2021
feat: added code scanning through CodeQL
2ac737d 
Delete .github/workflows/security-monitoring.yml
@mohamedzeidan2021 mohamedzeidan2021 requested a review from a team as a code owner July 25, 2024 22:21
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@benieric benieric merged commit 6758bd6 into aws:master Jul 25, 2024
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benieric benieric benieric approved these changes

@mohanasudhan mohanasudhan Awaiting requested review from mohanasudhan mohanasudhan is a code owner automatically assigned from aws/sagemaker-ml-frameworks

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mohamedzeidan2021 @benieric