Release v0.1.19

[xopham]

• update: bump mkdocs-material in the pip-packages group (update: bump mkdocs-material from 9.5.24 to 9.5.25 in the pip-packages group #256)
• update: bump bridgecrewio/checkov-action
• ci: add semgrep workflow
• ci: run semgrep workflow on call
• update: bump docker/login-action in the gh-actions-packages group (update: bump docker/login-action from 3.1.0 to 3.2.0 in the gh-actions-packages group #258)
• feat: semgrep appsec platform login
• docs: improve writing and format, fix typos
• ci: adjust semgrep logged in job
• update: semgr8s v0.1.19

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 41421fa.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

.github/workflows/.reusable-sast.yml

Package	Version	License	Issue Type
bridgecrewio/checkov-action	85a668b503d8267b34c43f8d8621f4bae915ce97	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
actions/docker/login-action	0d4c9c5ea7693da7b068278f7b52bda2a190a446	🟢 6.2	Details Check Score Reason Code-Review 🟢 4 Found 2/5 approved changesets -- score normalized to 4 Maintained 🟢 10 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
actions/docker/login-action	e92390c5fb421da1463c202d546fed0ec5c39f20	🟢 6.2	Details Check Score Reason Code-Review 🟢 4 Found 2/5 approved changesets -- score normalized to 4 Maintained 🟢 10 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
actions/bridgecrewio/checkov-action	85a668b503d8267b34c43f8d8621f4bae915ce97	Unknown	Unknown
actions/bridgecrewio/checkov-action	c2b3a20bd4fa3f05794555151c2e53ccd23c5077	Unknown	Unknown
actions/docker/login-action	0d4c9c5ea7693da7b068278f7b52bda2a190a446	🟢 6.2	Details Check Score Reason Code-Review 🟢 4 Found 2/5 approved changesets -- score normalized to 4 Maintained 🟢 10 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
actions/docker/login-action	e92390c5fb421da1463c202d546fed0ec5c39f20	🟢 6.2	Details Check Score Reason Code-Review 🟢 4 Found 2/5 approved changesets -- score normalized to 4 Maintained 🟢 10 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
actions/actions/checkout	a5ac7e51b41094c92402da3b24376905380afc29	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
pip/mkdocs-material	9.5.25	🟢 5.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/mkdocs-material	9.5.24	🟢 5.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

.github/workflows/.reusable-integration-test.yml

• docker/login-action@0d4c9c5
• docker/login-action@e92390c

.github/workflows/.reusable-sast.yml

• bridgecrewio/checkov-action@85a668b
• bridgecrewio/checkov-action@c2b3a20

.github/workflows/.reusable-sca.yml

• docker/login-action@0d4c9c5
• docker/login-action@e92390c

.github/workflows/semgrep.yml

• actions/checkout@a5ac7e5

poetry.lock

• [email protected]
• [email protected]

[github-actions]

Coverage Report

File	Stmts	Miss	Cover	Missing
semgr8s
__main__.py	16	16	0%	5–29
app.py	78	3	96%	116, 175–176
k8s_api.py	22	2	91%	43–44
updater.py	29	2	93%	49–50
TOTAL	197	23	88%

Tests	Skipped	Failures	Errors	Time
18	0 💤	0 ❌	0 🔥	2.229s ⏱️