From 08bb87494f5099a9eafeb78fbb7d9ce98686e408 Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:31:58 +0100 Subject: [PATCH 01/12] test cicd --- config.yml.sample | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config.yml.sample b/config.yml.sample index ae16aec..388e7ab 100644 --- a/config.yml.sample +++ b/config.yml.sample @@ -1,6 +1,6 @@ opencti: - url: http://opencti:8080 - token: "CHANGE_ME" + url: 'http://opencti:8080' + token: "ChangeMe" connector: id: ChangeMe @@ -8,7 +8,7 @@ connector: name: DEP Connector scope: incident,identity,indicator log_level: info - interval: 3600 + interval: 3600 # In seconds # Connector specific configuration # All values can also be provided with environment variables prefixed with @@ -28,4 +28,4 @@ dep: extended_results: true enable_site_indicator: true enable_hash_indicator: true - skip_empty_victim: true + skip_empty_victim: true \ No newline at end of file From 014dd0796ebe8f6a67b7618217ab36808a6d9d54 Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:33:13 +0100 Subject: [PATCH 02/12] fix --- .github/{ => workflows}/python-ci.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{ => workflows}/python-ci.yml (100%) diff --git a/.github/python-ci.yml b/.github/workflows/python-ci.yml similarity index 100% rename from .github/python-ci.yml rename to .github/workflows/python-ci.yml From 6cd67c5e3cad85f07432827fef44d23015bc8b22 Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:36:03 +0100 Subject: [PATCH 03/12] fix --- .github/workflows/python-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 9a7c99b..fb238a1 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml 
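Review bot: In the first hunk of config.yml.sample (patch 01) the two rewritten values end up with different quote styles, `url: 'http://opencti:8080'` next to `token: "ChangeMe"`; one style for both, e.g. `token: 'ChangeMe'`, reads better. The last hunk of the same patch drops the file's final newline (`\ No newline at end of file` after `skip_empty_victim: true`), which looks unintended and is usually flagged by YAML linters. Because the sample URL is plain `http://` and the token is presumably sent with every request to it, a comment above `url` such as `# use https:// unless OpenCTI is reachable only on a private network` would be worth adding.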
@@ -8,7 +8,7 @@ jobs: contents: read uses: notdodo/github-actions/.github/workflows/python-ci.yml@python-ci-v0 with: - working-directory: "." + working-directory: '.' build-docker-image: permissions: @@ -21,4 +21,6 @@ jobs: with: image: digintlab/opencti-connector platforms: linux/amd64, linux/amd64 + egress-policy-allowlist: > + deb.debian.org:443 push: false From 0e3f35bbe04d68ae0d9bc44a39dab493e7c7292f Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:37:23 +0100 Subject: [PATCH 04/12] fix --- .github/workflows/python-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index fb238a1..ee87c6c 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -23,4 +23,5 @@ jobs: platforms: linux/amd64, linux/amd64 egress-policy-allowlist: > deb.debian.org:443 + deb.debian.org:80 push: false From 57eee752e15312e63e0f0e1795389dc55406b2f9 Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:41:02 +0100 Subject: [PATCH 05/12] fix --- .github/workflows/python-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index ee87c6c..e14f9ed 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -24,4 +24,5 @@ jobs: egress-policy-allowlist: > deb.debian.org:443 deb.debian.org:80 + files.pythonhosted.org:443 push: false From 925622bd39d739f04ad5e539bdc766bd74040056 Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:41:10 +0100 Subject: [PATCH 06/12] fix --- .github/workflows/python-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index e14f9ed..72b7302 100644 --- a/.github/workflows/python-ci.yml 
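Review bot: The `egress-policy-allowlist` input added in the second hunk of patch 03 has no comment saying which build step needs each endpoint, and patches 04, 05 and 07 grow the same list one host at a time in the same way. A comment above the key, e.g. `# build-time egress: Debian mirror for apt, PyPI index and file host for pip`, would let a later reviewer tell a needed entry from a stale one; it has to sit above the key, because a `#` line inside the `>` folded scalar becomes part of the value. Indentation inside that scalar is also significant, since a more-indented line is not folded into the others, which is presumably what patch 06 corrects. How the called workflow parses the value is not visible here.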
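Review bot: The `deb.debian.org:80` entry added in patch 04 opens plaintext HTTP egress from the image build. apt verifies signed repository metadata, so package integrity does not rest on the transport, but the entry still widens the allowlist that the previous commit had limited to `:443`. If the base image's apt sources can be pointed at `https://deb.debian.org`, the `:80` line can be dropped; otherwise a comment above the key such as `# port 80: base image apt sources use http://` should record why it is there. The base image is not visible in this series, so which option applies is an assumption to confirm.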
+++ b/.github/workflows/python-ci.yml @@ -24,5 +24,5 @@ jobs: egress-policy-allowlist: > deb.debian.org:443 deb.debian.org:80 - files.pythonhosted.org:443 + files.pythonhosted.org:443 push: false From 12e7a0124e7ee0de5637d13ddd60df105c62a0b5 Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:42:55 +0100 Subject: [PATCH 07/12] fix --- .github/workflows/python-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 72b7302..4446eb4 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -25,4 +25,5 @@ jobs: deb.debian.org:443 deb.debian.org:80 files.pythonhosted.org:443 + pypi.org:443 push: false From 099d4ca85f75e2d2b61d7c50b3a80d0e9d450df0 Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:45:37 +0100 Subject: [PATCH 08/12] fix --- .github/workflows/python-ci.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 4446eb4..45c6145 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -2,7 +2,26 @@ name: Connector CI on: pull_request: +concurrency: + group: ghas-security-scan-${{ github.ref }} + cancel-in-progress: true + jobs: + infra-scan: + permissions: + contents: read + pull-requests: write + security-events: write + uses: notdodo/github-actions/.github/workflows/infra-security-scan.yml@infra-scan-v0 + sast: + permissions: + contents: read + pull-requests: write + security-events: write + uses: notdodo/github-actions/.github/workflows/sast.yml@sast-v0 + secrets: + semgrep_app_token: ${{ secrets.SEMGREP_APP_TOKEN }} + python-ci-pulumi: permissions: contents: read From 631e0297948ecae9e6ffcee8e426f75642c28d8b Mon Sep 17 00:00:00 2001 
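Review bot: The two jobs added in patch 08 call reusable workflows by mutable tag, `infra-security-scan.yml@infra-scan-v0` and `sast.yml@sast-v0`, while granting them `pull-requests: write` and `security-events: write`, and `sast` also receives `secrets.SEMGREP_APP_TOKEN`. A tag can be moved to different code after review, so pinning to a full commit SHA with the tag kept as a comment is the safer form, e.g. `uses: notdodo/github-actions/.github/workflows/infra-security-scan.yml@<full-commit-sha> # infra-scan-v0`. The `python-ci.yml@python-ci-v0` reference visible as context in patch 03 has the same shape. The `concurrency.group` prefix `ghas-security-scan-` is also reused for a workflow named `Connector CI`; a group named after this workflow avoids cancelling an unrelated workflow that uses the same prefix and ref.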
From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:46:05 +0100 Subject: [PATCH 09/12] fix --- .github/workflows/python-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 45c6145..a16cdcd 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -19,8 +19,6 @@ jobs: pull-requests: write security-events: write uses: notdodo/github-actions/.github/workflows/sast.yml@sast-v0 - secrets: - semgrep_app_token: ${{ secrets.SEMGREP_APP_TOKEN }} python-ci-pulumi: permissions: From 41c49daf2f3568850d4bf628cf93d404407471dd Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:46:47 +0100 Subject: [PATCH 10/12] fix --- .github/workflows/python-ci.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index a16cdcd..18a339b 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -13,12 +13,6 @@ jobs: pull-requests: write security-events: write uses: notdodo/github-actions/.github/workflows/infra-security-scan.yml@infra-scan-v0 - sast: - permissions: - contents: read - pull-requests: write - security-events: write - uses: notdodo/github-actions/.github/workflows/sast.yml@sast-v0 python-ci-pulumi: permissions: From 2c351b6cbc28101b96b8aa43cb6ba95e744066b9 Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:49:02 +0100 Subject: [PATCH 11/12] fix --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 8b62d5b..e2debde 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,3 +1,4 @@ +# kics-scan ignore services: rsa-key-generator: image: alpine/openssl:3.5.2 From b0578c5f61caec007130e91422cf22b557c21264 Mon Sep 17 00:00:00 2001 
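Review bot: The `# kics-scan ignore` line added at the top of docker-compose.yml in patch 11 excludes the whole file from KICS, so every current and future finding in it is hidden, including anything on the `rsa-key-generator` service visible just below. Suppressing only the queries that were triaged keeps the rest of the file under scan, e.g. `# kics-scan disable=<query-id>` with a short reason on the line above it. The commit message (`fix`) gives no indication of which findings prompted the suppression, so the justification should be recorded in the file.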
From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:50:29 +0100 Subject: [PATCH 12/12] fix --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 1ea5fbb..774667b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,6 +26,7 @@ HEALTHCHECK NONE ENV PATH="/app/.venv/bin:${PATH}" +# kics-scan ignore-line RUN apt update && apt install -y libmagic-dev RUN adduser --system --no-create-home app
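Review bot: The `# kics-scan ignore-line` added above `RUN apt update && apt install -y libmagic-dev` in patch 12 silences the scanner on that line instead of changing what it presumably reports there. The line uses `apt`, whose command-line interface is not stable for scripted use, installs recommended packages and leaves the package lists in the layer. `RUN apt-get update && apt-get install -y --no-install-recommends libmagic-dev && rm -rf /var/lib/apt/lists/*` addresses those points and may make the suppression unnecessary. If a finding remains after that, keep the ignore comment but add the reason next to it.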