
Security hardening#125

Open
lisajulia wants to merge 7 commits into
cap-java:mainfrom
lisajulia:security-hardening

Conversation

@lisajulia


Hey @Schmarvinius,

can you please have a look at this PR?
This adds security measures as requested by the SAP Product standards.
Furthermore, please:

  • enable secret protection in "Settings -> Advanced Security"
  • add a valid BLACK_DUCK_TOKEN to this repo

Thanks!

@lisajulia lisajulia force-pushed the security-hardening branch from fc79fcb to 5e76118 Compare May 12, 2026 18:27
@Schmarvinius

Contributor

I can enable secret protection, but I don't have a token.

Comment thread .github/actions/scan-with-blackduck/action.yaml Outdated
    required: true
  scan_mode:
    description: The scan mode to use (FULL or RAPID)
    default: 'RAPID'

Contributor


Why RAPID over FULL? (I don't know the scopes of them)

Author


I believe 'FULL' creates a permanent record on Blackduck and for this, a token with more permissions is needed (at least my scans with Full always failed because the token did not have enough permissions).

Author


Ok, so apparently you can do FULL scans :) cap-java/cds-feature-attachments@d328361
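The `scan_mode` input discussed in this thread, as an added composite-action example (not the PR's own `action.yaml`, whose remaining inputs and steps are not visible on this page). It assumes an input named `blackduck_token` that callers fill from the `BLACK_DUCK_TOKEN` repository secret, rejects any `scan_mode` value other than the two documented ones before the scanner runs, and reads inputs through environment variables instead of interpolating `${{ }}` expressions directly into the shell script, so an unexpected input value cannot alter the command line:

```yaml
# Added example, not the PR's action.yaml. The input name blackduck_token
# and the validation step are assumptions; only scan_mode and its
# description/default come from the PR.
name: scan-with-blackduck (example)
description: Run a Black Duck scan in FULL or RAPID mode
inputs:
  blackduck_token:
    description: Black Duck API token (callers pass the BLACK_DUCK_TOKEN secret)
    required: true
  scan_mode:
    description: The scan mode to use (FULL or RAPID)
    default: 'RAPID'
runs:
  using: composite
  steps:
    - name: Validate scan mode
      shell: bash
      # Inputs are handed to the script via env, never spliced into `run`.
      env:
        SCAN_MODE: ${{ inputs.scan_mode }}
      run: |
        case "$SCAN_MODE" in
          FULL|RAPID)
            echo "scan mode: $SCAN_MODE"
            ;;
          *)
            echo "::error::scan_mode must be FULL or RAPID, got '$SCAN_MODE'"
            exit 1
            ;;
        esac
```

A calling workflow would pass `blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}` and, optionally, `scan_mode: FULL`; the step that actually invokes the scanner (omitted here because the page does not show it) should likewise receive the token through `env:` so it is masked in logs and never appears in the shell command text.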

Comment thread .github/actions/scan-with-blackduck/action.yaml Outdated
Comment thread .github/workflows/main-build-and-deploy-oss.yml Outdated
@lisajulia lisajulia force-pushed the security-hardening branch from 5e76118 to 02e4ade Compare May 15, 2026 04:45
@lisajulia lisajulia requested a review from Schmarvinius May 26, 2026 17:40
@Schmarvinius

Contributor

Added @mtsvetanov071, so one of the main collaborators is aware of this!

Schmarvinius previously approved these changes May 27, 2026
@lisajulia lisajulia force-pushed the security-hardening branch from 38de334 to 6772225 Compare June 3, 2026 13:28