
Comparing changes

base repository: coder/code-marketplace
base: main
head repository: coder/code-marketplace
compare: 123-add-security-scanning
  • 15 commits
  • 6 files changed
  • 1 contributor

Commits on Oct 12, 2025

  1. 9b0ab3a
  2. ci: scan for all CVE severity levels and remove Docker image scan

    - Scan LOW,MEDIUM,HIGH,CRITICAL instead of only HIGH,CRITICAL
    - Remove Docker image scan (no :latest tag exists)
    ausbru87 committed Oct 12, 2025
    351ea5c
  3. ci: add explicit scanners to Trivy configuration

    Enable vuln, secret, and misconfig scanners explicitly
    ausbru87 committed Oct 12, 2025
    980a039
  4. ci: build and scan Docker image like coder/coder

    - Build Go binary for linux/amd64
    - Build Docker image with buildx
    - Scan the built image (not filesystem)
    - Matches coder/coder scanning approach
    ausbru87 committed Oct 12, 2025
    9f26520
  5. ci: add table output and artifact upload for scan visibility

    - Add table format scan to show results in workflow logs
    - Upload SARIF as artifact for manual inspection
    - Matches coder/coder artifact upload pattern
    ausbru87 committed Oct 12, 2025
    9e22e3a
  6. 9c091a9
  7. d3b966a

Commits on Oct 14, 2025

  1. 949cdba
  2. 6b8d181
  3. added sha pinning

    ausbru87 committed Oct 14, 2025
    c3339da

Commits on Oct 15, 2025

  1. Updated SHAs

    scorecard.yml:24: actions/checkout → v5.0.0
    scorecard.yml:29: ossf/scorecard-action → v2.4.3
    security.yaml:32: actions/checkout → v5.0.0 (CodeQL job)
    security.yaml:57: actions/checkout → v5.0.0 (Trivy job)
    security.yaml:81: aquasecurity/trivy-action → v0.33.1
    security.yaml:88: aquasecurity/trivy-action → v0.33.1
    ausbru87 committed Oct 15, 2025
    2a40050

Commits on Oct 16, 2025

  1. added explicit build targets for each arch

    removed PHONY alias
    added wildcard for .go files
    updated security workflow to use explicit build target vs old alias
    ausbru87 committed Oct 16, 2025
    4769896
  2. ad4db42
  3. removed prefixes due to changelog.md being manually curated

    removed patch ignore and instead we are grouping all-dependencies updates weekly
    ausbru87 committed Oct 16, 2025
    0f66771
  4. 4bac609