Nell Boulle
3ef59f6921
Merge 1b0b85228d into 9453c8c0c9
2026-05-22 16:55:12 +08:00
bitterpanda
9453c8c0c9
Merge pull request #470 from AikidoSec/bump/endpoint-v1.5.4
Bump Endpoint to v1.5.4
2026-05-21 10:41:08 -07:00
github-actions[bot]
2621f6f974
Bump Endpoint to v1.5.4
2026-05-21 17:39:03 +00:00
bitterpanda
fd01d9f31b
Merge pull request #466 from AikidoSec/slack-url-secret
Store the slack url as a secret
2026-05-20 10:10:10 -07:00
Sander Declerck
0414a79982
Merge pull request #467 from AikidoSec/feat/bump-endpoint-1-5-3
Bump Endpoint to 1.5.3
2026-05-20 18:26:42 +02:00
Reinier Criel
70b5e4d012
Bump Endpoint
2026-05-20 08:39:03 -07:00
Sander Declerck
aed0aebdae
Store the slack url as a secret
2026-05-20 09:20:03 +02:00
bitterpanda
6aec1bc474
Merge pull request #464 from AikidoSec/create-bump-endpoint-workflow
Create a bump-endpoint.yml workflow
2026-05-19 15:03:09 -07:00
bitterpanda
f6145d5c20
Update bump-endpoint.yml
2026-05-19 14:58:55 -07:00
bitterpanda
ab058367f1
temp: re-add push trigger for testing
2026-05-19 14:56:46 -07:00
bitterpanda
f2cce7b7e9
temp: skip if branch already exists instead of checking for PR
2026-05-19 14:56:15 -07:00
bitterpanda
0b46c5408b
Update bump-endpoint.yml
2026-05-19 14:55:22 -07:00
bitterpanda
07b8571758
temp: post compare URL to Slack instead of creating PR
2026-05-19 14:52:37 -07:00
bitterpanda
3f0837c65a
temp: use open-source-releaser runner
2026-05-19 14:48:23 -07:00
bitterpanda
47e9ed0f6c
temp: trigger bump-endpoint on push to test
2026-05-19 14:47:33 -07:00
bitterpanda
cbbbe703d3
Add a slack webhook curl req for endpoint bumps
2026-05-19 14:45:26 -07:00
bitterpanda
9d44eca1d1
Apply suggestion from @bitterpanda63
2026-05-19 14:39:04 -07:00
bitterpanda
b38aba43dd
Create a bump-endpoint.yml workflow
2026-05-19 14:37:02 -07:00
bitterpanda
93c264ef84
Merge pull request #463 from AikidoSec/remove-npm-token
Remove obsolete npm token from pipeline
2026-05-18 09:55:47 -07:00
Sander Declerck
34898980d7
Remove obsolete npm token from pipeline
2026-05-18 10:24:37 +02:00
Reinier Criel
a5c29d9e49
Merge pull request #399 from greenpixie/feat/pdm-support
Support for PDM package manager (Python)
2026-05-15 08:43:38 -07:00
Chris Ingram
bf2d37d114
Merge branch 'main' into feat/pdm-support
2026-05-15 08:46:06 +01:00
Sander Declerck
65a8075b0e
Merge pull request #459 from AikidoSec/bug/execpath
unset PKG_EXECPATH before invoking safe-chain binary
2026-05-15 09:11:32 +02:00
Chris Ingram
a1b89a55f8
Make block-count assertions count-agnostic in bun e2e
Bun retries blocked downloads, so the count in "blocked N malicious
package downloads" can be >1. Match on the surrounding text rather than
a fixed count to keep the assertion robust.
Also drops the brittle "pdm update updates dependencies" case.
2026-05-14 17:16:57 +01:00
Chris Ingram
8ab5cebd4f
Match actual block output in pdm e2e assertions
The user-facing message is "Safe-chain: blocked N malicious package
downloads", not "blocked by safe-chain" (which only appears in the
proxy's HTTP response, not the rendered CLI output).
2026-05-14 16:48:18 +01:00
Chris Ingram
ffe7f8de1f
Use numpy==2.4.4 as test malware in pdm e2e tests
The safe-chain-pi-test package no longer exists on PyPI. Aikido now
patches numpy==2.4.4 into the malware list for tests, matching the
pattern already used in the poetry e2e suite.
2026-05-14 16:28:50 +01:00
Chris Ingram
54db058ac7
Use getPackageManagerList in safe-chain setup help text
The install message in `safe-chain setup` help was hardcoding a stale
list of package managers (missing uv, uvx, poetry, pipx, pdm). Use the
existing getPackageManagerList() helper so the list stays in sync with
knownAikidoTools.
2026-05-14 10:04:18 +01:00
Chris Ingram
8453012f7b
Merge remote-tracking branch 'aikido/main' into feat/pdm-support
2026-05-14 09:51:31 +01:00
Reinier Criel
e0e06431d1
Fix tests
2026-05-13 20:28:58 -07:00
Reinier Criel
6cdad3df98
Fix tests
2026-05-13 20:27:27 -07:00
Reinier Criel
d9b7aefd34
unset PKG_EXECPATH before invoking safe-chain binary
2026-05-13 14:33:58 -07:00
Reinier Criel
0c8de1e606
Merge pull request #382 from mcmeeking/feature/add-rush-monorepo-support
Add Rush support (for monorepos)
2026-05-12 10:03:34 -07:00
James McMeeking
fde0003a0a
Fix expected format to account for retries
Count is apparently not deterministic
2026-05-12 17:33:31 +01:00
James McMeeking
c93f1920fb
Skip min safe age to allow brand new PNPM bootstrap
2026-05-12 16:53:51 +01:00
James McMeeking
d812231b2f
Merge branch 'main' into feature/add-rush-monorepo-support
2026-05-12 16:43:38 +01:00
Sander Declerck
e5cd9eed91
Merge pull request #453 from AikidoSec/fix-e2e-pnpm
E2E: Use pnpm 10 in node versions that don't support pnpm 11
2026-05-12 17:27:17 +02:00
James McMeeking
25d966bfa9
Switch to using the versions from the CI matrix
Incorporates the actual Rush and PNPM versions instead of pinning an old known-good version of PNPM
2026-05-12 10:52:38 +01:00
James McMeeking
5f0ad7ecfd
Address e2e suite failures
2026-05-12 10:33:26 +01:00
Sander Declerck
6667e5d7b4
E2E: Use pnpm 10 in node versions that don't support pnpm 11
2026-05-11 16:04:27 +02:00
James McMeeking
e891d1a992
Update e2e suite to cover supported package managers
2026-05-08 13:13:37 +01:00
James McMeeking
26f1dfb81a
Use the standard install command for rush
2026-05-08 13:12:57 +01:00
James McMeeking
7ce44b4c62
Remove the unnecessary proxy setting
2026-05-08 13:12:40 +01:00
James McMeeking
28132ba3fc
Merge branch 'main' into feature/add-rush-monorepo-support
2026-05-08 11:25:47 +01:00
James McMeeking
55f2123f5c
Remove the normalisation bits added in error
2026-05-08 11:25:07 +01:00
James McMeeking
5f56114185
Add e2e tests
Note: rushx only dispatches package.json scripts, so it's probably not necessary to add it as a distinct manager at all.
2026-05-08 11:24:17 +01:00
James McMeeking
08ae1ef732
Pull parsing logic into distinct file and remove invalid continue
2026-05-08 11:08:58 +01:00
bitterpanda
2eb32d4297
Merge pull request #446 from AikidoSec/troubleshooting-guide
moved troubleshooting from docs to repo
2026-05-06 16:53:43 +08:00
Samuel Vandamme
fbe094802e
reverted copy
2026-05-06 10:51:35 +02:00
Samuel Vandamme
bd876275b3
updated troubleshooting guide and linked from readme
2026-05-06 10:51:13 +02:00
Samuel Vandamme
cd5040c3be
moved troubleshooting from docs to here
2026-05-06 10:47:37 +02:00