Skip to content

[PROD RELEASE V6] #7128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kkartunov merged 98 commits into from
Nov 2, 2025
Merged

[PROD RELEASE V6] #7128

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
98 commits
Select commit Hold shift + click to select a range
73cf4e1
V6
jmgasper Jul 4, 2025
d1b44c5
community app v6 devops config
Gunasekar-K Jul 14, 2025
a85c6a3
community app v6 devops config
Gunasekar-K Jul 14, 2025
5f272e4
Initial commit
jmgasper Jul 15, 2025
5499d27
Fix up build
jmgasper Jul 15, 2025
64baff2
Update build for v6
jmgasper Jul 15, 2025
92f2a10
Update for v6 challenge status enum values
jmgasper Jul 15, 2025
f31f4fd
CI/CD
jmgasper Aug 11, 2025
2877409
Empty commit for CI/CD
jmgasper Aug 27, 2025
51688a9
Match expected enum values
jmgasper Sep 3, 2025
aa4b329
Lint
jmgasper Sep 3, 2025
60457f4
fix: update the review opportunity list
himaniraghav3 Sep 4, 2025
213dce4
Deploy 1760
himaniraghav3 Sep 4, 2025
a298aaf
fix: normalize response
himaniraghav3 Sep 5, 2025
59cd434
Fix for new submissions response
jmgasper Sep 9, 2025
777182a
Remove Husky
jmgasper Sep 9, 2025
8e32a2a
Merge branch 'v6' of github.com:topcoder-platform/community-app into v6
jmgasper Sep 9, 2025
761331c
Further v6 tweaks
jmgasper Sep 9, 2025
4b48855
fix: integrate topcoder-react-lib code to CA
himaniraghav3 Sep 10, 2025
a62a525
fix: auto-review feedback
himaniraghav3 Sep 10, 2025
16c636a
fix: add error handling
himaniraghav3 Sep 11, 2025
b5ce064
Merge pull request #7109 from topcoder-platform/PM-1760
himaniraghav3 Sep 11, 2025
0009b17
Fixes for v6
jmgasper Sep 11, 2025
a425bb0
Merge branch 'v6' of github.com:topcoder-platform/community-app into v6
jmgasper Sep 11, 2025
2cb995a
migrate: review opportunity details page to v6 review API
himaniraghav3 Sep 15, 2025
608b14d
fix: ai review feedbacks
himaniraghav3 Sep 15, 2025
08b27d4
fix: remove link
himaniraghav3 Sep 16, 2025
60c420e
Merge pull request #7110 from topcoder-platform/PM-1761
himaniraghav3 Sep 16, 2025
e9f3c33
Fix registrants and submissions tab
jmgasper Sep 17, 2025
33d8feb
Merge branch 'v6' of github.com:topcoder-platform/community-app into v6
jmgasper Sep 17, 2025
644678b
PM-1761 QA feedback
himaniraghav3 Sep 19, 2025
b28c4c7
Merge pull request #7111 from topcoder-platform/PM-1761
himaniraghav3 Sep 19, 2025
1cadcd2
Fix submissions tab
jmgasper Sep 21, 2025
e3eb65a
Merge branch 'v6' of github.com:topcoder-platform/community-app into v6
jmgasper Sep 21, 2025
87dc25e
Score cleanup
jmgasper Sep 23, 2025
38bed30
fix: apply for review modal
himaniraghav3 Sep 25, 2025
cf495d4
Merge pull request #7114 from topcoder-platform/PM-1761
himaniraghav3 Sep 25, 2025
7bdfc52
fix: time left to apply
himaniraghav3 Sep 25, 2025
d4ae0f4
fix: update link for review help page
himaniraghav3 Sep 25, 2025
ba44427
Merge pull request #7116 from topcoder-platform/PM-2079
himaniraghav3 Sep 25, 2025
508459b
Merge branch 'develop' into v6
himaniraghav3 Sep 25, 2025
bc8d0f8
Various QA fixes PM-1971, PM-1972
jmgasper Sep 26, 2025
9b6fa41
Merge branch 'v6' of github.com:topcoder-platform/community-app into v6
jmgasper Sep 26, 2025
3e671c1
Merge pull request #7115 from topcoder-platform/PM-2081
himaniraghav3 Sep 26, 2025
7d98926
Terms updates
jmgasper Oct 3, 2025
b404479
Use V6 APIs for the dashboard / home page
jmgasper Oct 6, 2025
885c341
Updates for challenge track and type objects instead of strings.
jmgasper Oct 7, 2025
c40ccb8
Lint and test cleanup
jmgasper Oct 7, 2025
21dcd3e
API response has final score as string
himaniraghav3 Oct 8, 2025
57a6df5
deploy PM-2233
himaniraghav3 Oct 8, 2025
b638096
Merge pull request #7118 from topcoder-platform/PM-2233
himaniraghav3 Oct 8, 2025
1a4b810
MM leaderboard updates for v6
jmgasper Oct 8, 2025
98c187d
Updates for new statistics endpoint in reports
jmgasper Oct 8, 2025
3c0dbad
More statistics updates
jmgasper Oct 8, 2025
734408c
Further statistics page fixes for v6 reporting API
jmgasper Oct 9, 2025
e553b93
Fix dollar formatting to match past Looker report
jmgasper Oct 9, 2025
daa2318
More statistics reports convert to reports-api-v6
jmgasper Oct 9, 2025
7502ff7
More reports-api-v6 integration
jmgasper Oct 9, 2025
1d9f3d6
Better mapping of looker report ID to reports API v6 endpoints
jmgasper Oct 9, 2025
ab6a405
Updates for community/statistics page
jmgasper Oct 9, 2025
c338035
Additional statistics integrations on /community/statistics
jmgasper Oct 9, 2025
0bfc094
Show terms for challenge even if legacyId absent
himaniraghav3 Oct 9, 2025
128ba3f
Merge pull request #7119 from topcoder-platform/PM-2315
jmgasper Oct 9, 2025
c34e63e
Minor fixes for design options on statistics page
jmgasper Oct 9, 2025
01aedcc
Merge branch 'v6' of github.com:topcoder-platform/community-app into v6
jmgasper Oct 9, 2025
030b8ea
Integration of final statistics / v6 report endpoints
jmgasper Oct 9, 2025
0d0a03e
Statistics fix
jmgasper Oct 9, 2025
5e9d6e0
Statistics updates
jmgasper Oct 10, 2025
fd10b54
Statistics page simplification and cleanup
jmgasper Oct 10, 2025
c6a5aa3
Statistics finalization
jmgasper Oct 10, 2025
3f5855c
Lint
jmgasper Oct 10, 2025
8bc2831
Hide "Topgear Task" from the filter menu on the challenge list
jmgasper Oct 20, 2025
9537e53
Bunch of updates to support MMs in v6 on the challenge details screen…
jmgasper Oct 22, 2025
194e238
Use review summations on 'my-submissions' page under challenge details
jmgasper Oct 23, 2025
94f5928
Update CODEOWNERS to reflect default reviewers
kkartunov Oct 23, 2025
0514140
PM-2479 Fix delete option for design challenges
himaniraghav3 Oct 23, 2025
3fbfb57
deploy branch PM-2479
himaniraghav3 Oct 23, 2025
af06ba3
test logs
himaniraghav3 Oct 23, 2025
d657a7d
fix var
himaniraghav3 Oct 23, 2025
b4ee8d1
remove unused var
himaniraghav3 Oct 23, 2025
42c1b03
final fix
himaniraghav3 Oct 23, 2025
e808cea
replace var from topcoder-react-lib
himaniraghav3 Oct 23, 2025
62f6235
update test cases
himaniraghav3 Oct 23, 2025
73726c3
Merge pull request #7124 from topcoder-platform/PM-2479
himaniraghav3 Oct 23, 2025
61fa60f
reviewSummation history sorting for MMs to use created date, not upda…
jmgasper Oct 23, 2025
76f5428
Merge branch 'v6' of github.com:topcoder-platform/community-app into v6
jmgasper Oct 23, 2025
fdc0585
v6 to dev env
kkartunov Oct 28, 2025
f5c483e
Merge pull request #7123 from topcoder-platform/v6
kkartunov Oct 28, 2025
853f77e
Add Trivy scanner workflow for vulnerability scanning
kkartunov Oct 28, 2025
ca9f918
Allow Topgear Submission as a valid submission phase
jmgasper Oct 28, 2025
defb35b
Merge branch 'develop' of github.com:topcoder-platform/community-app …
jmgasper Oct 28, 2025
b35bc2a
Show view submissions for design challenge
himaniraghav3 Oct 29, 2025
575483e
Merge pull request #7125 from topcoder-platform/PM-2598
himaniraghav3 Oct 29, 2025
47b8b1f
Fix Prize values on home page
himaniraghav3 Oct 30, 2025
48dd44d
Merge pull request #7126 from topcoder-platform/PM-2650
himaniraghav3 Oct 30, 2025
03071bf
Change to how we detect a challenge
jmgasper Oct 30, 2025
661bf13
code: update Wipro group id
kkartunov Oct 30, 2025
49bf7d1
correct group id
kkartunov Oct 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
306 changes: 44 additions & 262 deletions .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,11 @@ install_dependency: &install_dependency
install_deploysuite: &install_deploysuite
name: Installation of install_deploysuite.
command: |
git clone --branch v1.4.14 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
git clone --branch v1.4.17 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
Copy link

@github-actions github-actions bot Nov 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[❗❗ correctness]
The branch version for tc-deploy-scripts has been updated from v1.4.14 to v1.4.17. Ensure that this new version is compatible with the current deployment process and does not introduce any breaking changes.

cp ./../buildscript/master_deploy.sh .
cp ./../buildscript/buildenv.sh .
cp ./../buildscript/awsconfiguration.sh .
cp ./../buildscript/psvar-processor.sh .
restore_cache_settings_for_build: &restore_cache_settings_for_build
key: docker-node-modules-v4-{{ checksum "package-lock.json" }}

Expand All @@ -43,247 +44,69 @@ save_cache_settings: &save_cache_settings
build_docker_image: &build_docker_image
name: Build of Docker image
command: |
source buildenvvar
source buildvar_env
./build.sh
no_output_timeout: 20m
jobs:
# Build & Deploy against development backend
"build-dev":
<<: *defaults
steps:

build_steps: &build_steps
# Initialization.
- checkout
- setup_remote_docker
- run: *install_dependency
- run: *install_deploysuite
# Restoration of node_modules from cache.
- restore_cache: *restore_cache_settings_for_build
# - restore_cache: *restore_cache_settings_for_build
# Build of Docker image.
- run:
name: "configuring environment"
command: |
./awsconfiguration.sh DEV
./buildenv.sh -e DEV -b dev_communityapp_buildvar,dev_communityapp_deployvar -l dev_communityapp_buildvar_ps
./awsconfiguration.sh ${DEPLOY_ENV}
source awsenvconf
./psvar-processor.sh -t appenv -p /config/${APPNAME}/buildvar
Copy link

@github-actions github-actions bot Nov 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[❗❗ security]
The script psvar-processor.sh is being used to process environment variables. Verify that this script correctly handles the variables and does not introduce any security vulnerabilities, such as exposing sensitive data.

source buildvar_env
# ./buildenv.sh -e ${DEPLOY_ENV} -b dev_communityapp_buildvar,dev_communityapp_deployvar -l dev_communityapp_buildvar_ps
- run: *build_docker_image
# Caching node modules.
- save_cache: *save_cache_settings
# - save_cache: *save_cache_settings
# Deployment.
- deploy:
name: Running MasterScript
command: |
source awsenvconf
source buildenvvar
./master_deploy.sh -d ECS -e DEV -t latest -s dev_communityapp_taskvar -i communityapp -p FARGATE

# Build & Deploy against testing backend
# "build-test":
# <<: *defaults
# steps:
# # Initialization.
# - checkout
# - setup_remote_docker
# - run: *install_dependency
# - run: *install_deploysuite
# # Restoration of node_modules from cache.
# - restore_cache: *restore_cache_settings_for_build
# - run:
# name: "configuring environment"
# command: |
# ./awsconfiguration.sh DEV
# ./buildenv.sh -e DEV -b test_communityapp_buildvar,test_communityapp_deployvar -l dev_communityapp_buildvar_ps
# # Build of Docker image.
# - run: *build_docker_image
# # Caching node modules.
# - save_cache: *save_cache_settings
# # Deployment.
# - deploy:
# name: Running MasterScript
# command: |
# source awsenvconf
# source buildenvvar
# ./master_deploy.sh -d ECS -e DEV -t latest -s test_communityapp_taskvar -i communityapp

# Build & Deploy against testing backend
# Deprecate this workflow due to beta env shutdown
# https://topcoder.atlassian.net/browse/CORE-250
# "build-qa":
# <<: *defaults
# steps:
# # Initialization.
# - checkout
# - setup_remote_docker
# - run: *install_dependency
# - run: *install_deploysuite
# # Restoration of node_modules from cache.
# - restore_cache: *restore_cache_settings_for_build
# - run:
# name: "configuring environment"
# command: |
# ./awsconfiguration.sh QA
# ./buildenv.sh -e QA -b qa_communityapp_buildvar,qa_communityapp_deployvar -l qa_communityapp_buildvar_ps
# # Build of Docker image.
# - run: *build_docker_image
# # Caching node modules.
# - save_cache: *save_cache_settings
# # Deployment.
# - deploy:
# name: Running MasterScript
# command: |
# source awsenvconf
# source buildenvvar
# ./master_deploy.sh -d ECS -e QA -t latest -s qa_communityapp_taskvar -i communityapp
# source buildenvvar
./psvar-processor.sh -t appenv -p /config/${APPNAME}/deployvar
source deployvar_env
./master_deploy.sh -d ECS -e $DEPLOY_ENV -t latest -j /config/${APPNAME}/appvar -i ${APPNAME} -p FARGATE
# ./master_deploy.sh -d ECS -e DEV -t latest -s dev_communityapp_taskvar -i communityapp -p FARGATE
if [ "${DEPLOY_ENV}" = "PROD" ];
then
# Executing plan
curl --request POST \
--url https://circleci.com/api/v2/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/pipeline \
Copy link

@github-actions github-actions bot Nov 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[❗❗ security]
The curl command is used to trigger a pipeline with a CircleCI token. Ensure that the token is securely managed and not exposed in logs or error messages to prevent unauthorized access.

--header "Circle-Token: ${CIRCLE_TOKEN}" \
--header 'content-type: application/json' \
--data '{"branch":"'"$CIRCLE_BRANCH"'","parameters":{"run_smoketesting":true , "run_performancetesting":false, "run_basedeployment": false}}'
Copy link

@github-actions github-actions bot Nov 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[⚠️ correctness]
The JSON data in the curl command specifies parameters for the pipeline. Confirm that these parameters are correctly set and do not inadvertently trigger unintended workflows.

fi

# Build & Deploy against prod api backend
# Deprecate this workflow due to beta env shutdown
# https://topcoder.atlassian.net/browse/CORE-201
# "build-prod-beta":
# <<: *defaults
# steps:
# # Initialization.
# - checkout
# - setup_remote_docker
# - run: *install_dependency
# - run: *install_deploysuite
# # Restoration of node_modules from cache.
# - restore_cache: *restore_cache_settings_for_build
# - run:
# name: "configuring environment"
# command: |
# ./awsconfiguration.sh PROD
# ./buildenv.sh -e PROD -b beta_communityapp_buildvar,beta_communityapp_deployvar -l prod_communityapp_buildvar_ps
# # Build of Docker image.
# - run: *build_docker_image
# # Caching node modules.
# - save_cache: *save_cache_settings
# # Deployment.
# - deploy:
# name: Running MasterScript
# command: |
# source awsenvconf
# source buildenvvar
# ./master_deploy.sh -d ECS -e PROD -t latest -s beta_communityapp_taskvar, -i communityapp

# Build & Deploy against prod api backend
# Deprecate this workflow due to beta env shutdown
# https://topcoder.atlassian.net/browse/CORE-202
# "build-prod-staging":
# <<: *defaults
# steps:
# # Initialization.
# - checkout
# - setup_remote_docker
# - run: *install_dependency
# - run: *install_deploysuite
# # Restoration of node_modules from cache.
# - restore_cache: *restore_cache_settings_for_build
# - run:
# name: "configuring environment"
# command: |
# ./awsconfiguration.sh PROD
# ./buildenv.sh -e PROD -b staging_communityapp_buildvar,staging_communityapp_deployvar -l prod_communityapp_buildvar_ps
# # Build of Docker image.
# - run: *build_docker_image
# # Caching node modules.
# - save_cache: *save_cache_settings
# # Deployment.
# - deploy:
# name: Running MasterScript
# command: |
# source awsenvconf
# source buildenvvar
# ./master_deploy.sh -d ECS -e PROD -t latest -s staging_communityapp_taskvar, -i communityapp
# curl --request POST \
# --url https://circleci.com/api/v2/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/pipeline \
# --header "Circle-Token: ${CIRCLE_TOKEN}" \
# --header 'content-type: application/json' \
# --data '{"branch":"'"$CIRCLE_BRANCH"'","parameters":{"run_smoketesting":true , "run_performancetesting":false, "run_basedeployment": false}}'
jobs:
# Build & Deploy against development backend
"build-dev":
<<: *defaults
environment:
DEPLOY_ENV: "DEV"
LOGICAL_ENV: "dev"
APPNAME: "community-app"
steps: *build_steps

# Build & Deploy against production backend
"build-prod":
<<: *defaults
steps:
# Initialization.
- checkout
- setup_remote_docker
- run: *install_dependency
- run: *install_deploysuite
# Restoration of node_modules from cache.
- restore_cache: *restore_cache_settings_for_build
- run:
name: "configuring environment"
command: |
./awsconfiguration.sh PROD
./buildenv.sh -e PROD -b prod_communityapp_buildvar,prod_communityapp_deployvar -l prod_communityapp_buildvar_ps
# Build of Docker image.
- run: *build_docker_image
# Caching node modules.
- save_cache: *save_cache_settings
# Deployment.
- deploy:
name: Running MasterScript
command: |
source awsenvconf
source buildenvvar
./master_deploy.sh -d ECS -e PROD -t latest -s prod_communityapp_taskvar -i communityapp -p FARGATE
curl --request POST \
--url https://circleci.com/api/v2/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/pipeline \
--header "Circle-Token: ${CIRCLE_TOKEN}" \
--header 'content-type: application/json' \
--data '{"branch":"'"$CIRCLE_BRANCH"'","parameters":{"run_smoketesting":true , "run_performancetesting":false, "run_basedeployment": false}}'

# Automated Smoke Testing against Staging
# Deprecate this workflow due to beta env shutdown
# https://topcoder.atlassian.net/browse/CORE-202
# Smoke-Testing-On-Staging:
# <<: *defaults
# steps:
# # Initialization.
# - checkout
# - setup_remote_docker
# - run: *install_dependency
# - run: *install_deploysuite
# # Restoration of node_modules from cache.
# - restore_cache: *restore_cache_settings_for_build
# - run:
# name: "configuring environment"
# command: |
# ./awsconfiguration.sh PROD
# ./buildenv.sh -e PROD -b staging_communityapp_buildvar,staging_communityapp_deployvar
# - run:
# name: "Run automation"
# no_output_timeout: 20m
# command: |
# source awsenvconf
# source buildenvvar
# ./automated-smoke-test/smoketest.sh automation-config-staging.json prod
# - store_artifacts:
# path: ./automated-smoke-test/test-results
environment:
DEPLOY_ENV: "PROD"
LOGICAL_ENV: "prod"
APPNAME: "community-app"
steps: *build_steps

# Automated Smoke Testing against Production
# Smoke-Testing-On-Production:
# <<: *defaults
# steps:
# # Initialization.
# - checkout
# - setup_remote_docker
# - run: *install_dependency
# - run: *install_deploysuite
# # Restoration of node_modules from cache.
# - restore_cache: *restore_cache_settings_for_build
# - run:
# name: "configuring environment"
# command: |
# ./awsconfiguration.sh PROD
# ./buildenv.sh -e PROD -b prod_communityapp_buildvar,prod_communityapp_deployvar
# - run:
# name: "Run automation"
# no_output_timeout: 20m
# command: |
# source awsenvconf
# source buildenvvar
# ./automated-smoke-test/smoketest.sh automation-config-prod.json prod
# - store_artifacts:
# path: ./automated-smoke-test/test-results

# Test job for the cases when we do not need deployment. It just rapidly
# installs (updates) app dependencies, and runs tests (ESLint, Stylelint,
Expand Down Expand Up @@ -358,51 +181,9 @@ workflows:
branches:
only:
- develop
- pm-1346
- pm-1358_1
# This is alternate dev env for parallel testing
# Deprecate this workflow due to beta env shutdown
# https://topcoder.atlassian.net/browse/CORE-251
# - "build-test":
# context : org-global
# filters:
# branches:
# only:
# - metadata-fix
# This is alternate dev env for parallel testing
# Deprecate this workflow due to beta env shutdown
# https://topcoder.atlassian.net/browse/CORE-250
# - "build-qa":
# context : org-global
# filters:
# branches:
# only:
# - qaenv
# This is beta env for production soft releases
# Deprecate this workflow due to beta env shutdown
# https://topcoder.atlassian.net/browse/CORE-201
# - "build-prod-beta":
# context : org-global
# filters:
# branches:
# only:
# - develop
# This is stage env for production QA releases
# Deprecate this workflow due to beta env shutdown
# https://topcoder.atlassian.net/browse/CORE-202
# - "build-prod-staging":
# context : org-global
# filters: &filters-staging
# branches:
# only:
# - develop
# - CORE-201
# Production builds are exectuted
# when PR is merged to the master
# Don't change anything in this configuration
# That might trigger wrong branch to be
# deployed on the production
# master branch.
- v6
- PM-2479

- "build-prod":
context: org-global
filters: &filters-prod
Expand All @@ -417,6 +198,7 @@ workflows:
ignore:
- develop
- submission_delete_button
- v6

Smoke Testing:
when: << pipeline.parameters.run_smoketesting >>
Expand Down
34 changes: 34 additions & 0 deletions .github/workflows/trivy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: Trivy Scanner

permissions:
contents: read
security-events: write
Copy link

@github-actions github-actions bot Nov 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[❗❗ security]
The security-events: write permission grants the workflow the ability to write security events, which should be carefully considered. Ensure that this permission is necessary and that the workflow is secure to prevent potential misuse.

on:
push:
branches:
- main
- dev
pull_request:
jobs:
trivy-scan:
name: Use Trivy
runs-on: ubuntu-24.04
Copy link

@github-actions github-actions bot Nov 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[⚠️ maintainability]
Using ubuntu-24.04 as the runner might be too forward-looking, as it is not yet a standard version. Consider using a more stable version like ubuntu-latest to ensure compatibility and avoid potential issues with future changes.

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Run Trivy scanner in repo mode
uses: aquasecurity/trivy-action@0.33.1
with:
scan-type: "fs"
ignore-unfixed: true
format: "sarif"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH,UNKNOWN"
Copy link

@github-actions github-actions bot Nov 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[⚠️ correctness]
Including UNKNOWN in the severity list might lead to unexpected results, as it is not a standard severity level. Verify if this is intentional and if it aligns with your security policy.

scanners: vuln,secret,misconfig,license
github-pat: ${{ secrets.GITHUB_TOKEN }}

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"
Loading
Loading