Implement GitHub Actions for Security Test Tool Version Verification #570

Open
fguisso opened this issue Oct 17, 2023 · 2 comments · May be fixed by #578

Comments

@fguisso
Member

fguisso commented Oct 17, 2023

  1. Problem Description:

    • Currently, we lack an automated process to verify and ensure that the versions of security test tools defined in the config.yml file are up-to-date.
  2. Steps to Reproduce:

    • N/A
  3. Expected Behavior:

    • We need a GitHub Actions workflow that checks the versions of security test tools specified in our config.yml file against the latest available versions.
  4. Current Behavior:

    • The versions of security test tools in our config.yml may become outdated over time, potentially leading to security vulnerabilities or issues in the testing process.
  5. Proposed Changes:

    • Implement a GitHub Actions workflow that runs periodically or on pull requests.
    • The workflow should extract the tool versions from the config.yml file and compare them against the latest versions available.
    • If any tool version is outdated, the workflow should create a new GitHub issue to inform maintainers about the outdated tool and suggest an update.
  6. Dependencies:

    • GitHub Actions must be enabled for the repository.
    • The workflow should include steps to parse the config.yml file and compare versions.
  7. Testing:

    • Test the GitHub Actions workflow on a branch or forked repository to ensure it accurately detects outdated tool versions.
  8. Documentation Updates:

    • Update the project documentation to inform contributors and maintainers about the new GitHub Actions workflow and its purpose.
  9. Expected Impact:

    • The implementation of this workflow ensures that our security test tools are always using the latest versions, enhancing the security posture of the project.

Environment:

  • GitHub Actions: Enabled
  • Config File: .github/workflows/tools_version_check.yml

Note: Please ensure that the necessary permissions and API tokens are configured for GitHub Actions to access the repository and create issues.
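
The comparison step from the proposed changes above, as an added example (not code from this project or the linked pull request). The flat `tools:` layout, the `scanner-*` names and the `SAMPLE_LATEST` table are constructed assumptions, since the issue does not show the real config.yml; versions are compared numerically, and floating tags are reported as unverifiable instead of passing silently.

```python
import re

# Constructed sample: the real config.yml layout is not shown in the issue,
# so a flat "tool: version" mapping under "tools:" is assumed.
SAMPLE_CONFIG = """\
tools:
  scanner-a: v1.7.4
  scanner-b: "2.10.0"
  scanner-c: latest
  scanner-d: v0.9
"""

# Constructed stand-in for the "latest available versions" lookup; a real
# workflow would fetch these from each tool's release source.
SAMPLE_LATEST = {"scanner-a": "v1.7.10", "scanner-b": "2.10.0",
                 "scanner-c": "3.1.0", "scanner-d": "0.9.0"}

ENTRY = re.compile(r'^\s+([\w.-]+):\s*"?([^"\s#]+)"?\s*(?:#.*)?$')
VERSION = re.compile(r"^v?(\d+(?:\.\d+)*)$")


def parse_pins(text):
    """Return {tool: pinned_version} from the assumed flat layout."""
    matches = (ENTRY.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}


def version_key(version):
    """Numeric tuple for comparison, or None for non-numeric tags."""
    m = VERSION.match(version)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 0.9 and 0.9.0 as equal
        parts.pop()
    return tuple(parts)


def check(pins, latest):
    """Return sorted (tool, pinned, latest, status) rows that need attention."""
    report = []
    for tool, pinned in sorted(pins.items()):
        newest = latest.get(tool)
        have, want = version_key(pinned), version_key(newest or "")
        if have is None or want is None:  # floating tag or unknown tool
            report.append((tool, pinned, newest, "unverifiable"))
        elif have < want:  # numeric compare, so 1.7.4 < 1.7.10
            report.append((tool, pinned, newest, "outdated"))
    return report
```

Each row returned by `check(parse_pins(SAMPLE_CONFIG), SAMPLE_LATEST)` corresponds to one tool the workflow would report in the issue it opens.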

@CaiqueCoelho

Hey @fguisso, could I work on this too? I have a good idea for this one 😄

@CaiqueCoelho

Quick question @fguisso, do you want this to run on PRs or push, or would you like it to run on a schedule, for example, once a week?

@CaiqueCoelho CaiqueCoelho linked a pull request Oct 27, 2023 that will close this issue