Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: Fix the SSH security issue from AMI scan report #1426

Merged
merged 2 commits into from
May 1, 2023
Merged

ci: Fix the SSH security issue from AMI scan report #1426

merged 2 commits into from
May 1, 2023

Conversation

shahzadlone
Copy link
Member

@shahzadlone shahzadlone commented May 1, 2023
edited
Loading

Relevant issue(s)

Resolves #1425

Description

  • Shreds the keys in all locations noted in the issue.
  • Generated the AMI of name: source-defradb-v0.5.0-20230501085514 , with ID: ami-0814ed8a30589825b

How has this been tested?

@shahzadlone shahzadlone self-assigned this May 1, 2023
@shahzadlone shahzadlone added ci/build This is issue is about the build or CI system, and the administration of it. security Related to security labels May 1, 2023
@shahzadlone shahzadlone added this to the DefraDB v0.5.1 milestone May 1, 2023
@shahzadlone shahzadlone added the action/no-benchmark Skips the action that runs the benchmark. label May 1, 2023
@shahzadlone shahzadlone force-pushed the lone/ci/shred-all-ssh-keys-for-security branch from f35f606 to 64f1a34 Compare May 1, 2023 08:17
@sourcenetwork sourcenetwork deleted a comment from source-devs May 1, 2023
@sourcenetwork sourcenetwork deleted a comment from source-devs May 1, 2023
@shahzadlone shahzadlone force-pushed the lone/ci/shred-all-ssh-keys-for-security branch 4 times, most recently from 8b7e781 to 1b46a46 Compare May 1, 2023 09:10
@shahzadlone shahzadlone marked this pull request as ready for review May 1, 2023 09:13
@shahzadlone shahzadlone requested a review from a team May 1, 2023 11:57
AndrewSisley
AndrewSisley approved these changes May 1, 2023
View reviewed changes
Copy link
Contributor

@AndrewSisley AndrewSisley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@shahzadlone shahzadlone force-pushed the lone/ci/shred-all-ssh-keys-for-security branch from 1b46a46 to 8cd844a Compare May 1, 2023 18:52
@fredcarle
Copy link
Collaborator

Were the secrets only useful pre open sourcing ?

@shahzadlone
Copy link
Member Author

shahzadlone commented May 1, 2023
edited
Loading

Were the secrets only useful pre open sourcing ?

The ones where I removed them from in this PR, yes. But there are a few other places they are used where they are required and still useful (for PR commenting, etc.)

@shahzadlone shahzadlone merged commit a62a2ae into develop May 1, 2023
@shahzadlone shahzadlone deleted the lone/ci/shred-all-ssh-keys-for-security branch May 1, 2023 19:02
shahzadlone added a commit to shahzadlone/defradb that referenced this pull request Feb 23, 2024
@shahzadlone
ci: Fix the SSH security issue from AMI scan report (sourcenetwork#1426)
47b07d8 
## Relevant issue(s)
Resolves sourcenetwork#1425

## Description
- Shreds the keys in all locations noted in the issue.
- Generated the AMI of name: `source-defradb-v0.5.0-20230501085514` ,
with ID: `ami-0814ed8a30589825b`
- The run that generated the AMI successfully can be found here:
https://github.com/sourcenetwork/defradb/actions/runs/4849906529/jobs/8642330562?pr=1426
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndrewSisley AndrewSisley AndrewSisley approved these changes

Assignees

@shahzadlone shahzadlone

Labels
action/no-benchmark Skips the action that runs the benchmark. ci/build This is issue is about the build or CI system, and the administration of it. security Related to security
Projects
None yet
Milestone
DefraDB v0.5.1
Development

Successfully merging this pull request may close these issues.

Our AWS AMI has security issue with ssh keys found by the scan
3 participants
@shahzadlone @fredcarle @AndrewSisley