diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index dbeafce8a34b..5ca3d8f2702e 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -9,13 +9,13 @@
 /licenses/ @dfinity/idx
 /bin/ict @dfinity/idx
 /bin/ @dfinity/idx
-/bin/fuzzing/ @dfinity/product-security
+/bin/fuzzing/ @dfinity/security
 # [Bazel]
 .bazelrc @dfinity/idx
 .bazelversion @dfinity/idx
 /bazel/ @dfinity/idx
-/bazel/fuzz_testing.bzl @dfinity/idx @dfinity/product-security
+/bazel/fuzz_testing.bzl @dfinity/idx @dfinity/security
 /BUILD.bazel @dfinity/idx
 /third_party/ @dfinity/idx
 /MODULE.bazel @dfinity/idx
@@ -76,19 +76,19 @@ go.sum @dfinity/idx
 # [GitHub-Ci]
 /.github/ @dfinity/idx
 /.github/workflows/ @dfinity/idx
-/.github/workflows/bazel-dependency-submission.yml @dfinity/idx @dfinity/product-security
-/.github/workflows/container-scan-nightly.yml @dfinity/idx @dfinity/product-security
+/.github/workflows/container-scan-nightly.yml @dfinity/idx @dfinity/node
 /.github/workflows/ledger-suite-release.yml @dfinity/defi @dfinity/idx
-/.github/workflows/publish-crates.yml @dfinity/idx @dfinity/infrasec
+/.github/workflows/publish-crates.yml @dfinity/idx @dfinity/security
 /.github/workflows/repro-check.yml @dfinity/dre @dfinity/idx
 /.github/workflows/rosetta-release.yml @dfinity/defi @dfinity/idx
-/.github/workflows/security-checks.yml @dfinity/idx @dfinity/product-security
 /.github/CODEOWNERS @dfinity/ic-owners-owners
-.github/repo_policies/EXTERNAL_CONTRIB_BLACKLIST @dfinity/idx @dfinity/infrasec
+.github/repo_policies/EXTERNAL_CONTRIB_BLACKLIST @dfinity/idx @dfinity/security
 /ci/ @dfinity/idx
-/ci/actions/dependencies/ @dfinity/product-security
-/ci/src/dependencies/ @dfinity/product-security
-/ci/src/dependencies/resources/container_scanner_finding_failover_ignore_list_guestos.txt @dfinity/node
+/ci/src/dependencies/ @dfinity/node
+/ci/src/dependencies/integration/github/github_api.py @dfinity/idx @dfinity/node
+/ci/src/dependencies/integration/github/github_dependency_submission.py @dfinity/idx
+/ci/src/dependencies/job/bazel_rust_gh_submission_job.py @dfinity/idx
+/ci/src/dependencies/parser/ @dfinity/idx
 /ci/scripts/repro-check @dfinity/dre
 /.pre-commit-config.yaml @dfinity/idx
 /pre-commit/ @dfinity/idx
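Review bot: The new `/ci/src/dependencies/` block leaves no security-team reviewer on the dependency-scanning code: the directory moves to `@dfinity/node`, and `github_dependency_submission.py`, `bazel_rust_gh_submission_job.py` and `parser/` are owned by `@dfinity/idx` alone. Because the last matching CODEOWNERS pattern wins, changes to the code that reports dependencies and scanner findings can now merge without a security approval; if that is not the intent, keep a co-owner, e.g. `/ci/src/dependencies/ @dfinity/node @dfinity/security`. The entries for `bazel-dependency-submission.yml` and `security-checks.yml` are dropped as well, so if those workflows still exist (their removal is not visible here) they fall back to `/.github/workflows/ @dfinity/idx`. It is also worth confirming that `@dfinity/security` exists with write access to the repository, since GitHub does not request review from an owner it cannot resolve.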
@@ -118,9 +118,9 @@ go.sum @dfinity/idx
 /rs/ethereum/ @dfinity/defi
 /rs/engine_controller/ @dfinity/dre
 /rs/execution_environment/ @dfinity/core-protocol
-/rs/fuzzers/ @dfinity/product-security
+/rs/fuzzers/ @dfinity/security
 /rs/http_endpoints/ @dfinity/core-protocol
-/rs/http_endpoints/fuzz/ @dfinity/product-security
+/rs/http_endpoints/fuzz/ @dfinity/security
 /rs/http_utils/ @dfinity/core-protocol
 /rs/https_outcalls/ @dfinity/core-protocol
 /rs/https_outcalls/consensus/ @dfinity/core-protocol
diff --git a/ci/actions/dependencies/periodic/action.yml b/ci/actions/dependencies/periodic/action.yml
deleted file mode 100644
index 16150de3af5b..000000000000
--- a/ci/actions/dependencies/periodic/action.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: 'Dependency Scan Nightly'
-runs:
- using: "composite"
- steps:
- - name: Set up Python
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
- with:
- python-version: "3.12"
- - name: Setup environment deps
- id: setup-environment-deps
- shell: bash
- working-directory: ${{ github.action_path }}/../../../..
- run: |
- # this is needed to get more free space on the runner, otherwise might run OOM when building icOS
- rm -rf /opt/hostedtoolcache
- # Ignore externally-managed-environment pip error, install packages system-wide.
- PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install --ignore-installed -r requirements.txt
- - name: Run Dependency Scan Nightly
- id: dependency-scan-nightly
- shell: bash
- working-directory: ${{ github.action_path }}/../../../..
- run: |
- set -euo pipefail
- export PYTHONPATH=$PWD/ci/src:$PWD/ci/src/dependencies
- cd ci/src/dependencies/
- cp -a $GITHUB_WORKSPACE/config/. config/
- $SHELL_WRAPPER python3 job/bazel_trivy_container_ic_scanner_periodic_job.py
- df -h
- env:
- SHELL_WRAPPER: "/usr/bin/time"
- CI_PIPELINE_ID: ${{ github.run_id }}