From 3d44abeb8b4eabbf5cdf7fed03c5b7d1020accb1 Mon Sep 17 00:00:00 2001
From: Ole Herman Schumacher Elgesem
Date: Thu, 5 Sep 2024 15:10:22 +0200
Subject: [PATCH 1/2] SEC-881: Removed security exception for mender-test-containers
Signed-off-by: Ole Herman Schumacher Elgesem
---
 tom/reports.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/tom/reports.py b/tom/reports.py
index 89a9d89..c69d2b4 100644
--- a/tom/reports.py
+++ b/tom/reports.py
@@ -32,10 +32,7 @@ def dump(self):
 all.append(data)
 if datetime.datetime.now() - pr.created < datetime.timedelta(days=30):
 continue
- if pr.author == "dependabot[bot]" and not pr.url.startswith(
- "https://github.com/mendersoftware/mender-test-containers/pull/"
- ):
- # TODO - see: https://northerntech.atlassian.net/browse/SEC-881
+ if pr.author == "dependabot[bot]":
 dependabot.append(data)
 old.append(data)
From 289c4ba01d12b8953bfca9131b9619b13a28e360 Mon Sep 17 00:00:00 2001
From: Ole Herman Schumacher Elgesem
Date: Thu, 5 Sep 2024 15:12:41 +0200
Subject: [PATCH 2/2] SEC-1311: Added dependabot exception for reporting repo
Signed-off-by: Ole Herman Schumacher Elgesem
---
 tom/reports.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tom/reports.py b/tom/reports.py
index c69d2b4..8517de9 100644
--- a/tom/reports.py
+++ b/tom/reports.py
@@ -32,7 +32,11 @@ def dump(self):
 all.append(data)
 if datetime.datetime.now() - pr.created < datetime.timedelta(days=30):
 continue
- if pr.author == "dependabot[bot]":
+ if pr.author == "dependabot[bot]" and not pr.url.startswith(
+ "https://github.com/mendersoftware/reporting/pull/"
+ ):
+ # TODO: Security exception for mendersoftware/reporting
+ # https://northerntech.atlassian.net/browse/SEC-1311
 dependabot.append(data)
 old.append(data)
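Review bot: In the second patch (SEC-1311), the exclusion for `https://github.com/mendersoftware/reporting/pull/` is hard-coded into the condition with no expiry and no trace in the output, so Dependabot PRs older than 30 days in that repository drop out of the `dependabot` list for as long as the line stays. This is the same shape as the SEC-881 exception that the first patch removes, which suggests these exceptions recur and are easy to forget. I would keep the URL prefixes in a module-level tuple next to their ticket references (the name here is only a suggestion) and test them in one call: `if pr.author == "dependabot[bot]" and not pr.url.startswith(DEPENDABOT_EXCEPTIONS):`. The TODO comment would read better above the `if` than as the first line of its body, where it looks like a note on `dependabot.append(data)`. The body of `dump` starts and ends outside the hunk, so whether excluded PRs remain visible elsewhere in the report cannot be confirmed from here.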