From b0b6200d1ac5300481bf930f5af34490137cbe65 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:05:01 +0530 Subject: [PATCH 01/20] sca-scan.yml --- .github/workflows/sca-scan.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/workflows/sca-scan.yml diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml new file mode 100644 index 0000000..cb54aad --- /dev/null +++ b/.github/workflows/sca-scan.yml @@ -0,0 +1,14 @@ +name: Source Composition Analysis Scan +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-sca: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - uses: snyk/actions/setup@master + - name: Run Snyk to check for vulnerabilities + run: snyk test --all-projects --fail-on=all + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} \ No newline at end of file From 9ae7e9deb069c941b76ca407010fcdcf8a63ade8 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:05:14 +0530 Subject: [PATCH 02/20] jira.yml --- .github/workflows/jira.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index caa4bbd..250abc7 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -21,7 +21,7 @@ jobs: project: ${{ secrets.JIRA_PROJECT }} issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} summary: | - ${{ github.event.pull_request.title }} + Snyk | Vulnerability | ${{ github.event.repository.name }} | ${{ github.event.pull_request.title }} description: | PR: ${{ github.event.pull_request.html_url }} From b0c662721c0537851a6c216f59698c8aa38b8c87 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:05:15 +0530 Subject: [PATCH 03/20] sast-scan.yml From 936a7175241bfde37852d5686b7e50ff874ec1e1 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 20 Jan 2025 12:05:19 +0530 Subject: [PATCH 04/20] Updated codeowners --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 0773923..1be7e0d 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1 @@ -* @contentstack/security-admin \ No newline at end of file +* @contentstack/security-admin From a5855fd88811ba789b39c9a6fb2d393408d76771 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:33:22 +0530 Subject: [PATCH 05/20] policy-scan.yml --- .github/workflows/policy-scan.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/policy-scan.yml diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml new file mode 100644 index 0000000..13bd362 --- /dev/null +++ b/.github/workflows/policy-scan.yml @@ -0,0 +1,27 @@ +name: Checks the security policy and configurations +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-policy: + if: github.event.repository.visibility == 'public' + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - uses: actions/checkout@master + - name: Checks for SECURITY.md policy file + run: | + if ! [[ -f "SECURITY.md" || -f ".github/SECURITY.md" ]]; then exit 1; fi + security-license: + if: github.event.repository.visibility == 'public' + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - uses: actions/checkout@master + - name: Checks for License file + run: | + if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi \ No newline at end of file From bafec3b467b2da9adbea59ae7c6f036464d607ff Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:33:32 +0530 Subject: [PATCH 06/20] issues-jira.yml --- .github/workflows/issues-jira.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/issues-jira.yml diff --git a/.github/workflows/issues-jira.yml b/.github/workflows/issues-jira.yml new file mode 100644 index 0000000..7bf0469 --- /dev/null +++ b/.github/workflows/issues-jira.yml @@ -0,0 +1,31 @@ +name: Create Jira Ticket for Github Issue + +on: + issues: + types: [opened] + +jobs: + issue-jira: + runs-on: ubuntu-latest + steps: + + - name: Login to Jira + uses: atlassian/gajira-login@master + env: + JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} + JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} + JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} + + - name: Create Jira Issue + id: create_jira + uses: atlassian/gajira-create@master + with: + project: ${{ secrets.JIRA_PROJECT }} + issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} + summary: Github | Issue | ${{ github.event.repository.name }} | ${{ github.event.issue.title }} + description: | + *GitHub Issue:* ${{ github.event.issue.html_url }} + + *Description:* + ${{ github.event.issue.body }} + fields: "${{ secrets.ISSUES_JIRA_FIELDS }}" \ No newline at end of file From 1db8fb2ec5be791cf567faa304ec94837bfb6f34 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:33:33 +0530 Subject: [PATCH 07/20] Delete jira.yml --- .github/workflows/jira.yml | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 .github/workflows/jira.yml diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml deleted file mode 100644 index 250abc7..0000000 --- a/.github/workflows/jira.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Create JIRA ISSUE -on: - pull_request: - types: [opened] -jobs: - security-jira: - if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Login into JIRA - uses: atlassian/gajira-login@master - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - name: Create a JIRA Issue - id: create - uses: atlassian/gajira-create@master - with: - project: ${{ secrets.JIRA_PROJECT }} - issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} - summary: | - Snyk | Vulnerability | ${{ github.event.repository.name }} | ${{ github.event.pull_request.title }} - description: | - PR: ${{ github.event.pull_request.html_url }} - - fields: "${{ secrets.JIRA_FIELDS }}" - - name: Transition issue - uses: atlassian/gajira-transition@v3 - with: - issue: ${{ steps.create.outputs.issue }} - transition: ${{ secrets.JIRA_TRANSITION }} From fd6cc6e7c80009bca21e8c4e6c7c1990f0ced7e7 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:33:34 +0530 Subject: [PATCH 08/20] Delete sast-scan.yml --- .github/workflows/sast-scan.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 .github/workflows/sast-scan.yml diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml deleted file mode 100644 index 3b9521a..0000000 --- a/.github/workflows/sast-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: SAST Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security-sast: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Semgrep Scan - run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto \ No newline at end of file From a33660dfad33b27ab7c4220c3843e6d9fc7a0943 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:33:37 +0530 Subject: [PATCH 09/20] Updated codeowners From ca909e50c094d1309b2757b40e2bf5eb3362bd15 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 23 Apr 2025 21:36:16 +0530 Subject: [PATCH 10/20] policy-scan.yml --- .github/workflows/policy-scan.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml index 13bd362..ff25923 100644 --- a/.github/workflows/policy-scan.yml +++ b/.github/workflows/policy-scan.yml @@ -24,4 +24,23 @@ jobs: - uses: actions/checkout@master - name: Checks for License file run: | - if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi \ No newline at end of file + expected_license_files=("LICENSE" "LICENSE.txt" "LICENSE.md" "License.txt") + license_file_found=false + current_year=$(date +"%Y") + + for license_file in "${expected_license_files[@]}"; do + if [ -f "$license_file" ]; then + license_file_found=true + # check the license file for the current year, if not exists, exit with error + if ! grep -q "$current_year" "$license_file"; then + echo "License file $license_file does not contain the current year." + exit 2 + fi + break + fi + done + + if [ "$license_file_found" = false ]; then + echo "No license file found. Please add a license file to the repository." + exit 1 + fi \ No newline at end of file From 8c4cd7456f2399b4fee2d46a2887afe5a4706de2 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 May 2025 21:59:29 +0530 Subject: [PATCH 11/20] policy-scan.yml From 45b21945cebf96c2ab7524a4bfc91d00e881a0db Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 May 2025 21:59:36 +0530 Subject: [PATCH 12/20] issues-jira.yml From c606ba557520f096929fc42a2b42f21cd5a0f77d Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 May 2025 21:59:37 +0530 Subject: [PATCH 13/20] secrets-scan.yml --- .github/workflows/secrets-scan.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/secrets-scan.yml diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml new file mode 100644 index 0000000..049c02f --- /dev/null +++ b/.github/workflows/secrets-scan.yml @@ -0,0 +1,29 @@ +name: Secrets Scan +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-secrets: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: '2' + ref: '${{ github.event.pull_request.head.ref }}' + - run: | + git reset --soft HEAD~1 + - name: Install Talisman + run: | + # Download Talisman + wget https://github.com/thoughtworks/talisman/releases/download/v1.37.0/talisman_linux_amd64 -O talisman + + # Checksum verification + checksum=$(sha256sum ./talisman | awk '{print $1}') + if [ "$checksum" != "8e0ae8bb7b160bf10c4fa1448beb04a32a35e63505b3dddff74a092bccaaa7e4" ]; then exit 1; fi + + # Make it executable + chmod +x talisman + - name: Run talisman + run: | + # Run Talisman with the pre-commit hook + ./talisman --githook pre-commit \ No newline at end of file From 219451b3862499c52aa3d350290a8fd021096556 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 May 2025 21:59:40 +0530 Subject: [PATCH 14/20] Updated codeowners From 30b9ccb582a60d5893e8b10bfc771ef674c6407e Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 5 May 2025 23:31:39 +0530 Subject: [PATCH 15/20] talismanrc file updated --- .talismanrc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.talismanrc b/.talismanrc index 9dd8a3f..5578c82 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,7 @@ fileignoreconfig: +- filename: .github/workflows/secrets-scan.yml + ignore_detectors: + - filecontent - filename: Contentstack.xcodeproj/project.pbxproj checksum: 10cb4bc5ca755f7392309a88cd6df510a45f8c527ea2f8edc71e1ae1fda60941 - filename: .github/workflows/sast-scan.yml From b4ff58751d943e5cf702de436af0e031a32fac2b Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Thu, 12 Jun 2025 13:10:02 +0530 Subject: [PATCH 16/20] fix: update copyright year in LICENSE file to 2025 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index e17cc92..3851325 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2012-2024 Contentstack +Copyright (c) 2012-2025 Contentstack Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 38738c08ab13b6dd21fe1f7c7c3b97f81b5a4183 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Thu, 12 Jun 2025 14:00:02 +0530 Subject: [PATCH 17/20] Delete .github/workflows/sca-scan.yml --- .github/workflows/sca-scan.yml | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 .github/workflows/sca-scan.yml diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml deleted file mode 100644 index cb54aad..0000000 --- a/.github/workflows/sca-scan.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: Source Composition Analysis Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security-sca: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - uses: snyk/actions/setup@master - - name: Run Snyk to check for vulnerabilities - run: snyk test --all-projects --fail-on=all - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} \ No newline at end of file From f829e78f10dfec6583e8ea6f9d00194c59b199ba Mon Sep 17 00:00:00 2001 From: reeshika-h Date: Fri, 13 Jun 2025 14:26:49 +0530 Subject: [PATCH 18/20] fix: update iOS deployment target to 12.0 and upgrade CocoaPods version to 1.16.2 --- Contentstack.podspec | 2 +- Podfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Contentstack.podspec b/Contentstack.podspec index a382b2e..f51095d 100644 --- a/Contentstack.podspec +++ b/Contentstack.podspec @@ -15,7 +15,7 @@ s.author = { 'Contentstack' => 'support@contentstack.io' } s.source = { :git => 'https://github.com/contentstack/contentstack-ios.git', :tag => 'v3.14.0' } s.social_media_url = 'https://twitter.com/Contentstack' -s.ios.deployment_target = '11.0' +s.ios.deployment_target = '12.0' s.source_files = 'ThirdPartyExtension/ISO8601DateFormatter/*.{h,m}','ThirdPartyExtension/Networking/*.{h,m}','ThirdPartyExtension/MMarkDown/*.{h,m}', 'Contentstack/*.{h,m}', 'Contentstack/ThirdPartyNamespaceHeader/*.h', 'ContentstackInternal/*.{h,m}' diff --git a/Podfile.lock b/Podfile.lock index c23fa6e..291ca6f 100644 --- a/Podfile.lock +++ b/Podfile.lock @@ -1,3 +1,3 @@ PODFILE CHECKSUM: e70b33906e829ccd2b052bc0e0cff91ee8ee49e6 -COCOAPODS: 1.15.2 +COCOAPODS: 1.16.2 From f6fadfa360d8a391d8331874c49fd6b5489cd705 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 8 Sep 2025 22:12:28 +0530 Subject: [PATCH 19/20] Delete secrets-scan.yml --- .github/workflows/secrets-scan.yml | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100644 .github/workflows/secrets-scan.yml diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml deleted file mode 100644 index 049c02f..0000000 --- a/.github/workflows/secrets-scan.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Secrets Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security-secrets: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: '2' - ref: '${{ github.event.pull_request.head.ref }}' - - run: | - git reset --soft HEAD~1 - - name: Install Talisman - run: | - # Download Talisman - wget https://github.com/thoughtworks/talisman/releases/download/v1.37.0/talisman_linux_amd64 -O talisman - - # Checksum verification - checksum=$(sha256sum ./talisman | awk '{print $1}') - if [ "$checksum" != "8e0ae8bb7b160bf10c4fa1448beb04a32a35e63505b3dddff74a092bccaaa7e4" ]; then exit 1; fi - - # Make it executable - chmod +x talisman - - name: Run talisman - run: | - # Run Talisman with the pre-commit hook - ./talisman --githook pre-commit \ No newline at end of file From 1bc019532540240e8541580aa448d3f740d67d1c Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Mon, 8 Sep 2025 22:12:32 +0530 Subject: [PATCH 20/20] Updated codeowners --- CODEOWNERS | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 1be7e0d..032ee0b 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1,5 @@ -* @contentstack/security-admin +* @contentstack/devex-pr-reviewers + +.github/workflows/policy-scan.yml @contentstack/security-admin + +.github/workflows/issues-jira.yml @contentstack/security-admin