security: Add notes for contrib dependencies with instructions #2208

Merged: 3 commits into main from andrew.glaude/security, Sep 12, 2023

Conversation

ajgajg1134 (Contributor) commented Sep 6, 2023

What does this PR do?

Clarify our policy for contrib dependency version upgrades and give users easy-to-follow instructions for upgrading.

Motivation

We get a number of customers who are (rightfully) concerned about vulnerable versions their security tooling detects. This updated guide will hopefully help customers discover this information without having to open support requests and provide them clear guidance!

Reviewer's Checklist

  • Changed code has unit tests for its functionality at or near 100% coverage.
  • There is a benchmark for any new code, or changes to existing code.
  • If this interacts with the agent in a new way, a system test has been added.

For Datadog employees:

  • If this PR touches code that handles credentials of any kind, such as Datadog API keys, I've requested a review from @DataDog/security-design-and-guidance.
  • This PR doesn't touch any of that.

Unsure? Have a question? Request a review!


Verified

This commit was signed with the committer’s verified signature.
ajgajg1134 Andrew Glaude
pr-commenter bot commented Sep 6, 2023

Benchmarks

Benchmark execution time: 2023-09-12 20:11:12

Comparing candidate commit 5049995 in PR branch andrew.glaude/security with baseline commit 246238d in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 39 metrics, 2 unstable metrics.

ajgajg1134 marked this pull request as ready for review September 12, 2023 19:56
ajgajg1134 requested a review from a team as a code owner September 12, 2023 19:56

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
ajgajg1134 requested a review from nsrip-dd September 12, 2023 19:56
ajgajg1134 merged commit f8a0ac2 into main Sep 12, 2023
ajgajg1134 deleted the andrew.glaude/security branch September 12, 2023 20:13

3 participants