Allow to run Guideline_Enforcer #147

Open. cedelavergne-ledger wants to merge 4 commits into base: master

cedelavergne-ledger (Contributor) commented Oct 4, 2024

Add script allowing to call the Guideline Enforcer checks from ledger-app-workflows repository.
Add missing packages in the container

Bump Speculos & Ragger to their latest version

ledger-wiz-cspm-secret-detection (bot) commented Oct 4, 2024

Wiz Scan Summary

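| Scan Module | Critical | High | Medium | Low | Info | Total |
|---|---|---|---|---|---|---|
| IaC Misconfigurations | 0 | 0 | 1 | 1 | 1 | 3 |
| Sensitive Data | 0 | 0 | 0 | 0 | 0 | 0 |
| Secrets | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 1 | 1 | 1 | 3 |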


agrojean-ledger (Contributor) commented Oct 10, 2024

@cedelavergne-ledger shouldn't the enforcer.sh live on ledger-app-workflows and be copied from there directly (via a clone of the repo during the image build in a tmp dir)?

It seems to me the script is tightly linked to the workflows

cedelavergne-ledger (Contributor, Author) commented

> @cedelavergne-ledger shouldn't the enforcer.sh live on ledger-app-workflows and be copied from there directly (via a clone of the repo during the image build in a tmp dir)?
>
> It seems to me the script is tightly linked to the workflows

No, because for the VSCode extension, we need a simple and straightforward method, ideally based on a script: the final usage, with the extension, will be to open the dev-tool container, with a bash command. The latter must be as simple as possible and, moreover, generic. Using a script will allow us to easily maintain/improve the mechanism in the future, if needed, just by updating the container, without needing to hardcode a complex command line in the extension itself.
