[DSEC-936] more zap logging; use google cloud logging #584
Conversation
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
It looks like this PR significantly changes the checks done on a PR and removes the cloud build step. Can you make sure the previous steps are either included or explained as to why they are gone?
Moved static analysis checks to another branch. Left the trivy workflow on a schedule and not on pull_request - it fails if run too frequently. Will fix soon. Left the deploy workflows disabled - they deploy only docs and were failing. Will fix soon.
Abort the scan on failure to obtain a GCP token.
I considered causing the scan to abort when calls to set up authentication failed, including accepting the TOS or setting the cookie. Maybe these should cause scans to abort too, but generating zap sessions after the failure might help diagnose that failure or prove it didn't actually fail.
Looks good. Let's keep any changes to scan behavior to another PR. Thanks!
Add some log messages to zap scanning. Use google.cloud.logging to fix too many logs showing up in GCP logs as errors.
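Added example (not code from this PR or project) of the severity problem the description refers to: plain stderr output from Python's `logging` is ingested by GCP as ERROR regardless of level, so attaching the `google.cloud.logging` handler, or as a dependency-free fallback emitting one JSON line per record with a `severity` key that GCP's log agents parse, keeps INFO messages out of the error stream. The logger name `zap-scan` and the fallback path are assumptions; the `google.cloud.logging` calls are that library's documented `Client().setup_logging()`.

```python
# Added example, not the project's code. Gives every log record an explicit
# GCP severity instead of relying on stderr, which Cloud Logging marks ERROR.
import json
import logging
import sys


class JsonSeverityFormatter(logging.Formatter):
    """Emit one JSON object per line with the GCP 'severity' key set.
    Python's level names (DEBUG, INFO, WARNING, ERROR, CRITICAL) are valid
    Cloud Logging severity values, so they are passed through unchanged."""

    def format(self, record: logging.LogRecord) -> str:
        payload = {
            "severity": record.levelname,
            "message": record.getMessage(),
            "logger": record.name,
        }
        if record.exc_info:
            payload["exception"] = self.formatException(record.exc_info)
        return json.dumps(payload)


def configure_logging(logger_name: str = "zap-scan") -> tuple[logging.Logger, str]:
    """Use the Cloud Logging handler when the library and credentials are
    present; otherwise fall back to JSON-on-stdout. Returns (logger, backend)."""
    logger = logging.getLogger(logger_name)
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    try:
        import google.cloud.logging  # optional dependency; absent offline
        client = google.cloud.logging.Client()  # needs GCP credentials
        client.setup_logging()  # installs its handler on the root logger
        return logger, "google.cloud.logging"
    except Exception:  # ImportError, or no default credentials available
        handler = logging.StreamHandler(sys.stdout)  # stdout, not stderr
        handler.setFormatter(JsonSeverityFormatter())
        logger.addHandler(handler)
        logger.propagate = False
        return logger, "json-stdout"


def format_record(level: int, message: str) -> dict:
    """Render one constructed record through the fallback formatter."""
    record = logging.LogRecord("zap-scan", level, __file__, 0, message, None, None)
    return json.loads(JsonSeverityFormatter().format(record))


if __name__ == "__main__":
    log, backend = configure_logging()
    log.info("zap scan started (backend=%s)", backend)
    log.error("failed to obtain GCP token; aborting scan")
```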