
Add supply-chain security controls (RHOAIENG-68528)#1121

Closed
szaher wants to merge 1 commit into main from RHOAIENG-68528

Conversation


@szaher szaher commented Jun 23, 2026

Contributor

Address security audit finding FIND-014 by adding vulnerability disclosure policy, dependency scanning, security linting, and supply-chain scoring to CI.

  • Add SECURITY.md with Red Hat Product Security disclosure process
  • Add OpenSSF Scorecard workflow (weekly + on push to main)
  • Add pip-audit workflow for dependency vulnerability scanning on PRs
  • Add bandit pre-commit hook for Python security linting
  • Add github-actions ecosystem to Dependabot for Action updates

Issue link

What changes have been made

Verification steps

Checks

  • I've made sure the tests are passing.
  • Testing Strategy
    • Unit tests
    • Manual tests
    • Testing is not required for this change

Address security audit finding FIND-014 by adding vulnerability
disclosure policy, dependency scanning, security linting, and
supply-chain scoring to CI.

- Add SECURITY.md with Red Hat Product Security disclosure process
- Add OpenSSF Scorecard workflow (weekly + on push to main)
- Add pip-audit workflow for dependency vulnerability scanning on PRs
- Add bandit pre-commit hook for Python security linting
- Add github-actions ecosystem to Dependabot for Action updates

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
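The pip-audit workflow the PR describes, written out as an added example (this is not the file from the PR or the project). It assumes the pinned dependencies live in a top-level requirements.txt, names the file .github/workflows/pip-audit.yml, and the action version tags are assumptions.

```yaml
# .github/workflows/pip-audit.yml (added example; not the PR's own file)
# Runs pip-audit against the pinned dependency set on every pull request so a
# package with a known advisory is flagged before it can land on main.
name: pip-audit

on:
  pull_request:
    paths:
      - "requirements*.txt"             # assumed location of pinned dependencies
      - "pyproject.toml"
      - ".github/workflows/pip-audit.yml"

# Least privilege: the job only needs to read the checkout, so the default
# token is restricted to read-only access to repository contents.
permissions:
  contents: read

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4         # version tag is an assumption

      - uses: actions/setup-python@v5     # version tag is an assumption
        with:
          python-version: "3.12"          # assumed interpreter version

      # Install pip-audit on the runner and audit the requirements file
      # against the PyPI advisory database; a non-zero exit fails the job.
      - name: Run pip-audit
        run: |
          python -m pip install --upgrade pip pip-audit
          pip-audit -r requirements.txt
```

A failing audit only blocks the merge if this check is marked as required in the branch protection rules for main.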

openshift-ci Bot commented Jun 23, 2026

Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign laurafitzgerald for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


codecov Bot commented Jun 23, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.47%. Comparing base (15b121f) to head (e9f5735).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1121   +/-   ##
=======================================
  Coverage   96.47%   96.47%           
=======================================
  Files          23       23           
  Lines        2329     2329           
=======================================
  Hits         2247     2247           
  Misses         82       82           


@szaher szaher closed this Jun 23, 2026
@szaher szaher deleted the RHOAIENG-68528 branch June 23, 2026 15:55