made nessus subfolder and added script for fixing container license #320
Conversation
| @@ -157,7 +157,7 @@ def add_commit_push_security_md(repo_path, branch_name): | |||
|
|
|||
| # Create a pull request | |||
| def create_pull_request(repo_path, branch_name, default_branch): | |||
| """Create a pull request for the branch, attempt to add reviewers, and assign 'wz-gsa'.""" | |||
| ""f"Create a pull request for the branch, attempt to add reviewers, and assign '{ASSIGNEE}'.""" | |||
There was a problem hiding this comment.
where is ASSIGNEE being set?
| @@ -157,7 +157,7 @@ def add_commit_push_security_md(repo_path, branch_name): | |||
|
|
|||
| # Create a pull request | |||
| def create_pull_request(repo_path, branch_name, default_branch): | |||
| """Create a pull request for the branch, attempt to add reviewers, and assign 'wz-gsa'.""" | |||
| ""f"Create a pull request for the branch, attempt to add reviewers, and assign '{ASSIGNEE}'.""" | |||
There was a problem hiding this comment.
With the f in the middle of the quotes, you no longer have a triple-quoted string, you have three strings being silently concatenated.
This should probably be either:
f"""Create a pull request for the branch, attempt to add reviewers, and assign '{ASSIGNEE}'."""
or:
f"Create a pull request for the branch, attempt to add reviewers, and assign '{ASSIGNEE}'." (since the triple-quotes aren't actually necessary here)
There was a problem hiding this comment.
what's this for? doesn't seem to be mentioned in the PR description or READMEs.
There was a problem hiding this comment.
it's addition was unintentional on my part. updating my commit and reverting this to draft
There was a problem hiding this comment.
No idea if this is relevant, but this is the script on the Nessus BOSH release the determines if the license is valid and alerts us:
https:/cloud-gov/cg-nessus-manager-boshrelease/blob/main/jobs/nessus-manager/templates/bin/health.sh
Wondering if any of these improvements can go to that script so we don't get alerts in the first place?
There was a problem hiding this comment.
This was based off of that, and may serve as a replacement, but that bosh script was not fixing the underlying issue and required manual intervention yesterday.
There was a problem hiding this comment.
I'm not sure I understand. It looks like this script does the same thing as that BOSH script: detecting if the license is outdated/plugins are outdated and setting Prometheus metrics. So if the changes in this script make things work "correctly" so that we don't get false positives on the alerts, why wouldn't we just replace the BOSH script with this one?
There was a problem hiding this comment.
We probably can. I wanted change control on it and to make this available and use this a few times before moving it there to ensure I tested it thoroughly before shipping it in the bosh release.
There was a problem hiding this comment.
Yeah, my main concern is that I don't want two versions of a script that do the same thing floating around. And as long as we're using the BOSH release with a version of this script already, it seems like the right place for it to go.
Changes proposed in this pull request:
security considerations
Improves security by ensuring plugins remain updated