Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Updated security-ci.yml for specific license violations #300

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Updated security-ci.yml for specific license violations #300

wants to merge 2 commits into from

Conversation

araj-px
Copy link
Contributor

@araj-px araj-px commented Aug 8, 2023

What this PR does / why we need it:

Which issue(s) this PR fixes (optional) PXSEC-830
Closes #

Special notes for your reviewer:

@github-actions
Copy link

github-actions bot commented Aug 8, 2023

OSS Scan Results:

Title Severity Package Name CVEs Fix version Introduced

Total issues: 0

@github-actions
Copy link

github-actions bot commented Aug 8, 2023

License Evaluation Results:

Title Package Name Package Version Severity License Info Introduced
MPL-2.0 license github.com/hashicorp/errwrap 1.1.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/portworx@#72cf75320066', 'github.com/libopenstorage/stork/pkg/snapshot/controllers@#72cf75320066', 'github.com/hashicorp/go-multierror@1.1.1', 'github.com/hashicorp/errwrap@1.1.0']
MPL-2.0 license github.com/hashicorp/go-multierror 1.1.1 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/portworx@#72cf75320066', 'github.com/libopenstorage/stork/pkg/snapshot/controllers@#72cf75320066', 'github.com/hashicorp/go-multierror@1.1.1']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/portworx@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/resourcecollector@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/csi@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/aws@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/azure@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/kdmp@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/gcp@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/portworx@#72cf75320066', 'github.com/libopenstorage/stork/pkg/snapshot/controllers@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/snapshotter@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/applicationmanager/controllers@#72cf75320066', 'github.com/libopenstorage/stork/drivers/volume/kdmp@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0']

Total License Issues: 16

@github-actions
Copy link

github-actions bot commented Aug 8, 2023

OSS Scan Results:

Title Severity Package Name CVEs Fix version Introduced

Total issues: 0

@github-actions
Copy link

github-actions bot commented Aug 8, 2023

License Evaluation Results:

Title Package Name Package Version Severity License Info Introduced Dependency Type
MPL-2.0 license github.com/hashicorp/errwrap 1.1.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/portworx@#72cf75320066', 'github.com/libopenstorage/stork/pkg/snapshot/controllers@#72cf75320066', 'github.com/hashicorp/go-multierror@1.1.1', 'github.com/hashicorp/errwrap@1.1.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-multierror 1.1.1 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/portworx@#72cf75320066', 'github.com/libopenstorage/stork/pkg/snapshot/controllers@#72cf75320066', 'github.com/hashicorp/go-multierror@1.1.1'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/hashicorp/go-version@1.6.0'] Direct
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/portworx@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/resourcecollector@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/csi@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/aws@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/azure@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/kdmp@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/gcp@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/drivers/volume/portworx@#72cf75320066', 'github.com/libopenstorage/stork/pkg/snapshot/controllers@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/snapshotter@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect
MPL-2.0 license github.com/hashicorp/go-version 1.6.0 medium MPL-2.0 ['github.com/portworx/kdmp@0.0.0', 'github.com/libopenstorage/stork/pkg/applicationmanager/controllers@#72cf75320066', 'github.com/libopenstorage/stork/drivers/volume/kdmp@#72cf75320066', 'github.com/libopenstorage/stork/pkg/k8sutils@#72cf75320066', 'github.com/libopenstorage/stork/pkg/version@#72cf75320066', 'github.com/hashicorp/go-version@1.6.0'] Indirect

Total License Issues: 16

@araj-px araj-px marked this pull request as ready for review August 8, 2023 08:37
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@px-kesavan px-kesavan px-kesavan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@araj-px @px-kesavan