Skip to content

ROX-33574: Don't forget to configure scanner pull secrets#19383

Open
mclasmeier wants to merge 1 commit intomasterfrom
mc/helm-scanner-pull-secrets
Open

ROX-33574: Don't forget to configure scanner pull secrets#19383
mclasmeier wants to merge 1 commit intomasterfrom
mc/helm-scanner-pull-secrets

Conversation

@mclasmeier
Copy link
Contributor

@mclasmeier mclasmeier commented Mar 11, 2026
edited
Loading

See ROX-33574. Fixes a bug in the secured-cluster Helm chart.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • Added unit test.

How I validated my change

change me!

@mclasmeier mclasmeier requested a review from a team as a code owner March 11, 2026 17:01
@mclasmeier mclasmeier requested review from porridge and removed request for a team March 11, 2026 17:01
@mclasmeier mclasmeier changed the title ROX-33574 : Don't forget to configure scanner image pull secrets ROX-33574 : Don't forget to configure scanner pull secrets Mar 11, 2026
@mclasmeier mclasmeier changed the title ROX-33574 : Don't forget to configure scanner pull secrets ROX-33574: Don't forget to configure scanner pull secrets Mar 11, 2026
@rhacs-bot
Copy link
Contributor

rhacs-bot commented Mar 11, 2026
edited
Loading

Images are ready for the commit at 985d901.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.11.x-301-g985d9015e0.

@mclasmeier mclasmeier force-pushed the mc/helm-scanner-pull-secrets branch from fac2083 to b94ce02 Compare March 12, 2026 08:25
@gitguardian
Copy link

gitguardian bot commented Mar 12, 2026
edited
Loading

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
28322140 Triggered Username Password 985d901 pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/image-pull-secrets.test.yaml View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Don't forget to configure scanner image pull secrets
985d901 
when scanner V4 is disabled and only scanner V2 is being used.
@mclasmeier mclasmeier force-pushed the mc/helm-scanner-pull-secrets branch from b94ce02 to 985d901 Compare March 12, 2026 09:26
@codecov
Copy link

codecov bot commented Mar 12, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.65%. Comparing base (280a428) to head (985d901).
⚠️ Report is 9 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #19383   +/-   ##
=======================================
  Coverage   49.65%   49.65%           
=======================================
  Files        2698     2698           
  Lines      203120   203132   +12     
=======================================
+ Hits       100852   100864   +12     
- Misses      94745    94746    +1     
+ Partials     7523     7522    -1
Flag Coverage Δ
go-unit-tests 49.65% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@porridge porridge Awaiting requested review from porridge porridge is a code owner automatically assigned from stackrox/install

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/helm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mclasmeier @rhacs-bot