From 57ad3b0456d12041024f4a6d8dfc9536783a1b93 Mon Sep 17 00:00:00 2001 From: raj pandey Date: Wed, 9 Oct 2024 16:24:00 +0530 Subject: [PATCH 01/20] workflow update --- .github/workflows/check-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-branch.yml b/.github/workflows/check-branch.yml index 1e2d24a..68eda98 100644 --- a/.github/workflows/check-branch.yml +++ b/.github/workflows/check-branch.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Comment PR - if: github.base_ref == 'master' && github.head_ref != 'next' + if: github.base_ref == 'master' && github.head_ref != 'staging' uses: thollander/actions-comment-pull-request@v2 with: message: | From 08cb5d6d47c8b27f6a537e8b4a546d0a4fc6caa1 Mon Sep 17 00:00:00 2001 From: raj pandey Date: Wed, 9 Oct 2024 16:48:26 +0530 Subject: [PATCH 02/20] fixed the workflow issue for PR raising --- .github/workflows/check-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-branch.yml b/.github/workflows/check-branch.yml index 68eda98..e79864e 100644 --- a/.github/workflows/check-branch.yml +++ b/.github/workflows/check-branch.yml 
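Review bot: The `if:` condition now admits only `staging` as the source branch, but the `message: |` block that follows (its text is in the next hunk) and the `echo "ERROR: …"` in the `Check branch` step still tell contributors to "create a pull request from the next branch", so both user-facing strings now contradict the rule being enforced; the same mismatch is in the PATCH 02 hunk, and both strings should name `staging`. Since `github.head_ref` is simply the branch name the PR author chose, this workflow is an advisory gate rather than an enforcement control — branch protection on `master` is what actually restricts merges, and a one-line comment above the step saying so would stop readers from treating it as one. `uses: thollander/actions-comment-pull-request@v2` references a movable tag; pinning third-party actions to a full commit SHA is the usual hardening.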
@@ -14,7 +14,7 @@ jobs: message: | We regret to inform you that you are currently not able to merge your changes into the master branch due to restrictions applied by our SRE team. To proceed with merging your changes, we kindly request that you create a pull request from the next branch. Our team will then review the changes and work with you to ensure a successful merge into the master branch. - name: Check branch - if: github.base_ref == 'master' && github.head_ref != 'next' + if: github.base_ref == 'master' && github.head_ref != 'staging' run: | echo "ERROR: We regret to inform you that you are currently not able to merge your changes into the master branch due to restrictions applied by our SRE team. To proceed with merging your changes, we kindly request that you create a pull request from the next branch. Our team will then review the changes and work with you to ensure a successful merge into the master branch." exit 1 \ No newline at end of file From 8a477bd49611fdbaa78df60afadae974fbce5123 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:28:10 +0530 Subject: [PATCH 03/20] sca-scan.yml --- .github/workflows/sca-scan.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml index a642aef..4fa4560 100644 --- a/.github/workflows/sca-scan.yml +++ b/.github/workflows/sca-scan.yml @@ -6,14 +6,10 @@ jobs: security-sca: runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@master - - uses: snyk/actions/setup@master - - name: Setup .NET - uses: actions/setup-dotnet@v3.0.3 - - name: Restore dependencies - run: dotnet restore ./Contentstack.Utils.sln + - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities - run: cd Contentstack.Utils && snyk test --fail-on=all + uses: snyk/actions/dotnet@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --fail-on=all 
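Review bot: The `dotnet restore ./Contentstack.Utils.sln` step and the `cd Contentstack.Utils` are dropped, so `snyk/actions/dotnet@master` now runs from the repository root against an unrestored tree; if the action does not restore the solution itself, `snyk test` may find no usable manifest or scan the wrong project, and the gate would either fail for the wrong reason or pass without scanning anything. Keeping the setup/restore steps and naming the target explicitly, e.g. `args: --file=Contentstack.Utils.sln --fail-on=all`, removes the guesswork. Both `actions/checkout@master` and `snyk/actions/dotnet@master` track a moving branch in a job that is handed `SNYK_TOKEN`; pin them to a full commit SHA so an upstream push cannot change what runs with that secret. The `security-sca` job begins before this hunk, so whether a `permissions:` block narrows the job token cannot be confirmed from here.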
From 859fbca96cb827e4a4255c0a1a51f20ab25b83a5 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:28:22 +0530 Subject: [PATCH 04/20] jira.yml --- .github/workflows/jira.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index caa4bbd..250abc7 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -21,7 +21,7 @@ jobs: project: ${{ secrets.JIRA_PROJECT }} issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} summary: | - ${{ github.event.pull_request.title }} + Snyk | Vulnerability | ${{ github.event.repository.name }} | ${{ github.event.pull_request.title }} description: | PR: ${{ github.event.pull_request.html_url }} From 78a2b45ccf4acd5db6a436cb938d8ef32ec07137 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:28:23 +0530 Subject: [PATCH 05/20] sast-scan.yml From eb23349e6adea3dbdd7bdb07394e59819e3ec8d5 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:28:25 +0530 Subject: [PATCH 06/20] codeql-analysis.yml From a71223f0312f4451e97b7ae13ec440b6dfb7889e Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:28:29 +0530 Subject: [PATCH 07/20] Updated codeowners --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 0773923..1be7e0d 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1 @@ -* @contentstack/security-admin \ No newline at end of file +* @contentstack/security-admin From 46ee79e41b67140492c25bd69828128c909daf2e Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:55:26 +0530 Subject: [PATCH 08/20] policy-scan.yml --- .github/workflows/policy-scan.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/policy-scan.yml diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml new file mode 100644 index 0000000..13bd362 --- /dev/null 
+++ b/.github/workflows/policy-scan.yml
@@ -0,0 +1,27 @@
+name: Checks the security policy and configurations
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+jobs:
+ security-policy:
+ if: github.event.repository.visibility == 'public'
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+ steps:
+ - uses: actions/checkout@master
+ - name: Checks for SECURITY.md policy file
+ run: |
+ if ! [[ -f "SECURITY.md" || -f ".github/SECURITY.md" ]]; then exit 1; fi
+ security-license:
+ if: github.event.repository.visibility == 'public'
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+ steps:
+ - uses: actions/checkout@master
+ - name: Checks for License file
+ run: |
+ if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi
\ No newline at end of file
From 61e81a58b2215edf7ccb52d77e1502bdc8fa5261 Mon Sep 17 00:00:00 2001
From: Aravind Kumar
Date: Wed, 16 Apr 2025 10:55:38 +0530
Subject: [PATCH 09/20] issues-jira.yml
---
 .github/workflows/issues-jira.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/issues-jira.yml
diff --git a/.github/workflows/issues-jira.yml b/.github/workflows/issues-jira.yml
new file mode 100644
index 0000000..7bf0469
--- /dev/null
+++ b/.github/workflows/issues-jira.yml
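Review bot: The `Checks for License file` step accepts `LICENSE`, `License.txt` and `LICENSE.md` but not `LICENSE.txt`, which is the spelling this repository itself uses for `Contentstack.Utils/LICENSE.txt` (visible in PATCH 20), and both `exit 1` branches print nothing, so a contributor sees only a red step with no reason. Adding the missing name and a message before each exit, e.g. `echo "::error::No SECURITY.md or .github/SECURITY.md found"`, makes the gate self-explaining in the checks UI. Both jobs check out with `actions/checkout@master`; a workflow that runs on every `pull_request` should pin the action to a full commit SHA rather than a moving branch, and a top-level `permissions: contents: read` would keep the job token no broader than the two file checks need.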
@@ -0,0 +1,31 @@
+name: Create Jira Ticket for Github Issue
+
+on:
+ issues:
+ types: [opened]
+
+jobs:
+ issue-jira:
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Login to Jira
+ uses: atlassian/gajira-login@master
+ env:
+ JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
+ JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+ JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+
+ - name: Create Jira Issue
+ id: create_jira
+ uses: atlassian/gajira-create@master
+ with:
+ project: ${{ secrets.JIRA_PROJECT }}
+ issuetype: ${{ secrets.JIRA_ISSUE_TYPE }}
+ summary: Github | Issue | ${{ github.event.repository.name }} | ${{ github.event.issue.title }}
+ description: |
+ *GitHub Issue:* ${{ github.event.issue.html_url }}
+
+ *Description:*
+ ${{ github.event.issue.body }}
+ fields: "${{ secrets.ISSUES_JIRA_FIELDS }}"
\ No newline at end of file
From cc7f02412afa474385165db8a3de3fba6041c37a Mon Sep 17 00:00:00 2001
From: Aravind Kumar
Date: Wed, 16 Apr 2025 10:55:39 +0530
Subject: [PATCH 10/20] Delete jira.yml
---
 .github/workflows/jira.yml | 33 ---------------------------------
 1 file changed, 33 deletions(-)
 delete mode 100644 .github/workflows/jira.yml
diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml
deleted file mode 100644
index 250abc7..0000000
--- a/.github/workflows/jira.yml
+++ /dev/null
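Review bot: The `issues: types: [opened]` trigger has no `if:` filter, so every issue opened by any GitHub account creates a Jira ticket through `gajira-create`, with the untrusted `github.event.issue.title` and `github.event.issue.body` copied verbatim into the summary and description; these are `with:` inputs rather than `run:` scripts, so there is no shell-injection path here, but the job is an unauthenticated write path into Jira that anyone can flood. Consider gating the job (for example on `github.event.issue.author_association` or on a triage label) and stating that decision in a comment above `jobs:`. `atlassian/gajira-login@master` and `atlassian/gajira-create@master` float on a branch while receiving `JIRA_API_TOKEN`; pin both to a full commit SHA. No `permissions:` block is declared, so the job's `GITHUB_TOKEN` keeps the repository default scope; `permissions: {}` or `permissions: issues: read` is all this workflow needs.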
@@ -1,33 +0,0 @@ -name: Create JIRA ISSUE -on: - pull_request: - types: [opened] -jobs: - security-jira: - if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Login into JIRA - uses: atlassian/gajira-login@master - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - name: Create a JIRA Issue - id: create - uses: atlassian/gajira-create@master - with: - project: ${{ secrets.JIRA_PROJECT }} - issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} - summary: | - Snyk | Vulnerability | ${{ github.event.repository.name }} | ${{ github.event.pull_request.title }} - description: | - PR: ${{ github.event.pull_request.html_url }} - - fields: "${{ secrets.JIRA_FIELDS }}" - - name: Transition issue - uses: atlassian/gajira-transition@v3 - with: - issue: ${{ steps.create.outputs.issue }} - transition: ${{ secrets.JIRA_TRANSITION }} From 406bedf51c16bbc1e148ef7fbedb44fabc0892e6 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:55:39 +0530 Subject: [PATCH 11/20] Delete sast-scan.yml --- .github/workflows/sast-scan.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 .github/workflows/sast-scan.yml diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml deleted file mode 100644 index 3b9521a..0000000 --- a/.github/workflows/sast-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: SAST Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security-sast: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Semgrep Scan - run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto \ No newline at end of file 
From c422d6a542a1df0bdd94394f3300767978fd61f3 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:55:41 +0530 Subject: [PATCH 12/20] codeql-analysis.yml From 8430c8fdb3f02ffc3c728fab644abe8793d6cf6b Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:55:44 +0530 Subject: [PATCH 13/20] Updated codeowners From 6c232ea6c0376ceeba908c4f3be0a2351629791f Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 23 Apr 2025 21:43:00 +0530 Subject: [PATCH 14/20] policy-scan.yml --- .github/workflows/policy-scan.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml index 13bd362..ff25923 100644 --- a/.github/workflows/policy-scan.yml +++ b/.github/workflows/policy-scan.yml @@ -24,4 +24,23 @@ jobs: - uses: actions/checkout@master - name: Checks for License file run: | - if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi \ No newline at end of file + expected_license_files=("LICENSE" "LICENSE.txt" "LICENSE.md" "License.txt") + license_file_found=false + current_year=$(date +"%Y") + + for license_file in "${expected_license_files[@]}"; do + if [ -f "$license_file" ]; then + license_file_found=true + # check the license file for the current year, if not exists, exit with error + if ! grep -q "$current_year" "$license_file"; then + echo "License file $license_file does not contain the current year." + exit 2 + fi + break + fi + done + + if [ "$license_file_found" = false ]; then + echo "No license file found. Please add a license file to the repository." + exit 1 + fi \ No newline at end of file From 46c55b40bf60138475386937dac2fe8a408b3b21 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 May 2025 22:16:20 +0530 Subject: [PATCH 15/20] policy-scan.yml From 91e010ce8a49f78fa7fed10d6e6e9d1a2bdd78f1 Mon Sep 17 00:00:00 2001 
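Review bot: The `for` loop `break`s after the first filename that exists, so when both `LICENSE` and `LICENSE.txt` are present only the first is checked for the current year and a stale second file passes silently; and `grep -q "$current_year"` matches the four digits anywhere in the file (a URL or postal address would satisfy it), not the copyright line the comment describes. Dropping the `break` so every present license file is checked, and narrowing the pattern to the copyright line, e.g. `grep -qi "copyright.*$current_year" "$license_file"`, makes the check mean what it says. The failure messages go to stdout through plain `echo`; `echo "::error::No license file found. Please add a license file to the repository."` would surface them as annotations in the PR checks UI. The `run: |` block this hunk extends begins in the context lines, and the job's `defaults.run.shell: bash` is set earlier in the file (PATCH 08), so the script runs under bash's `-e`/`pipefail` defaults but that cannot be confirmed from the hunk alone.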
From: Aravind Kumar
Date: Mon, 5 May 2025 22:16:28 +0530
Subject: [PATCH 16/20] issues-jira.yml
From 5e3c8277a1dc21c64fe03d40cd4d1e6536200d41 Mon Sep 17 00:00:00 2001
From: Aravind Kumar
Date: Mon, 5 May 2025 22:16:28 +0530
Subject: [PATCH 17/20] secrets-scan.yml
---
 .github/workflows/secrets-scan.yml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 .github/workflows/secrets-scan.yml
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
new file mode 100644
index 0000000..049c02f
--- /dev/null
+++ b/.github/workflows/secrets-scan.yml
@@ -0,0 +1,29 @@
+name: Secrets Scan
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+jobs:
+ security-secrets:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: '2'
+ ref: '${{ github.event.pull_request.head.ref }}'
+ - run: |
+ git reset --soft HEAD~1
+ - name: Install Talisman
+ run: |
+ # Download Talisman
+ wget https://github.com/thoughtworks/talisman/releases/download/v1.37.0/talisman_linux_amd64 -O talisman
+
+ # Checksum verification
+ checksum=$(sha256sum ./talisman | awk '{print $1}')
+ if [ "$checksum" != "8e0ae8bb7b160bf10c4fa1448beb04a32a35e63505b3dddff74a092bccaaa7e4" ]; then exit 1; fi
+
+ # Make it executable
+ chmod +x talisman
+ - name: Run talisman
+ run: |
+ # Run Talisman with the pre-commit hook
+ ./talisman --githook pre-commit
\ No newline at end of file
From 31480388744b76c5cebabe929fbb7a33c37e065b Mon Sep 17 00:00:00 2001
From: Aravind Kumar
Date: Mon, 5 May 2025 22:16:32 +0530
Subject: [PATCH 18/20] Updated codeowners
From 9e9ee2a19e9faac678a8485c415c5317088f8c05 Mon Sep 17 00:00:00 2001
From: Aravind Kumar
Date: Mon, 5 May 2025 23:37:17 +0530
Subject: [PATCH 19/20] talismanrc file updated
---
 .talismanrc | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.talismanrc b/.talismanrc
index 4628b50..f94199e 100644
--- a/.talismanrc
+++ b/.talismanrc
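Review bot: The scan covers only the PR head's newest commit: `fetch-depth: '2'` followed by `git reset --soft HEAD~1` stages exactly one commit's changes for `./talisman --githook pre-commit`, so a secret introduced in an earlier commit of a multi-commit push is never presented to the hook on `synchronize`. Fetching the base as well and staging the whole PR range — `fetch-depth: 0` on the checkout, then `git reset --soft ${{ github.event.pull_request.base.sha }}` — would let the hook see everything the PR adds. `ref: '${{ github.event.pull_request.head.ref }}'` is a branch name; for a PR from a fork that branch does not exist in this repository and the checkout would presumably fail, whereas `github.event.pull_request.head.sha` resolves in both cases. Pinning the Talisman download to v1.37.0 and verifying its sha256 before `chmod +x` is the right pattern; applying the same discipline to `actions/checkout@v4`, a movable tag, would complete it.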
@@ -1,4 +1,7 @@ fileignoreconfig: +- filename: .github/workflows/secrets-scan.yml + ignore_detectors: + - filecontent - filename: Contentstack.Utils/Models/Options.cs checksum: 3dc51f0de02429ef9a43b66e666ac4dbde41195e245f8ecc0094548ca8603245 - filename: Contentstack.Utils/Utils.cs From c3c69dee52ef51e47b8a5dcafa1d12556fd801f5 Mon Sep 17 00:00:00 2001 From: raj pandey Date: Tue, 3 Jun 2025 18:08:31 +0530 Subject: [PATCH 20/20] License updated --- Contentstack.Utils/LICENSE.txt | 2 +- LICENSE | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Contentstack.Utils/LICENSE.txt b/Contentstack.Utils/LICENSE.txt index 3333caa..501f936 100644 --- a/Contentstack.Utils/LICENSE.txt +++ b/Contentstack.Utils/LICENSE.txt @@ -1,6 +1,6 @@ MIT License -Copyright © 2012-2024 Contentstack. All Rights Reserved +Copyright © 2012-2025 Contentstack. All Rights Reserved Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/LICENSE b/LICENSE index 3333caa..501f936 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright © 2012-2024 Contentstack. All Rights Reserved +Copyright © 2012-2025 Contentstack. All Rights Reserved Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal
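Review bot: `ignore_detectors:` / `- filecontent` for `.github/workflows/secrets-scan.yml` is an open-ended suppression: it silences the content detector for that path indefinitely, so a real token later committed to the workflow would not be flagged, whereas the neighbouring entries (e.g. `Contentstack.Utils/Models/Options.cs`) use `checksum:`, which only suppresses the file while its contents are unchanged. Since the thing tripping the detector is presumably the sha256 pin of the Talisman binary, a `checksum: <sha256 of secrets-scan.yml>` entry in the same style as the existing ones would allow-list exactly this version of the file and nothing more. A short comment above the entry stating why the file is listed would spare the next reader the same investigation.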