Automated PR to update settings

.dockerignore

@@ -12,16 +12,20 @@ cucumber
 
 *.deb
 .git
+.idea
 engines/conjur_audit/spec/dummy/log
 coverage
 demo
 dev
 docker
+gems/slosilo/Gemfile.lock
+gems/slosilo/spec/reports
 log
 package
 run
 spec/reports
 spec/reports-audit
+
 tmp
 
 # Ignore directories that are only relevant in gh

.github/CODEOWNERS

@@ -1,10 +1 @@
-* @cyberark/conjur-core-team @conjurinc/conjur-core-team @conjurdemos/conjur-core-team
-
-# Changes to .trivyignore require Security Architect approval
-.trivyignore @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects
-
-# Changes to .codeclimate.yml require Quality Architect approval
-.codeclimate.yml @cyberark/quality-architects @conjurinc/quality-architects @conjurdemos/quality-architects
-
-# Changes to SECURITY.md require Security Architect approval
-SECURITY.md @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects
+* @cyberark/ConjurCloud

.gitignore

@@ -73,4 +73,31 @@ conjur_git_commit
 # AuthnOIDC V2 w/ Identity setup
 dev/policies/authenticators/authn-oidc/identity-users.yml
 
+gem/slosilo/*.gem
+gem/slosilo/*.rbc
+gem/slosilo/.bundle
+gem/slosilo/.yardoc
+gem/slosilo/InstalledFiles
+gem/slosilo/_yardoc
+gem/slosilo/coverage
+gem/slosilo/doc/
+gem/slosilo/lib/bundler/man
+gem/slosilo/pkg
+gem/slosilo/rdoc
+gem/slosilo/spec/reports
+gem/slosilo/test/tmp
+gem/slosilo/test/version_tmp
+gem/slosilo/tmp
+gem/slosilo/.rvmrc
+gem/slosilo/.project
+gem/slosilo/.kateproject.d
+gem/slosilo/.idea
+
+# Rufus scheduler lock file
+.slosilo-rotation-rufus-scheduler.lock
+
+# Ignore localstack's cache
+dev/localstack/cache/**
+
+
 VERSION

.trivyignore

@@ -1,93 +0,0 @@
-# OpenSSL CVEs
-#
-# Because of the way OpenSSL 1.0.2 has moved to premium support and our Ubuntu
-# base image, trivy flags a number of OpenSSL issues in Conjur because the fix
-# for most Ubuntu users is to move to 1.1.1 instead of having the continued support
-# in the 1.0.2 line. Additionally, trivy flages 1.0.2zf as vulnerable to issues that
-# only affect 1.1.x. As of the time of this writing, we use 1.0.2zf which either
-# has the fix or is unaffected by these issues.
-CVE-2022-2097
-CVE-2022-2068
-CVE-2022-1292
-CVE-2022-0778
-CVE-2021-23841
-CVE-2021-23840
-CVE-2021-3712
-CVE-2019-1563
-CVE-2019-1551
-CVE-2019-1549
-CVE-2019-1547
-CVE-2018-0735
-CVE-2018-0734
-
-# NULL pointer deref. OpenSSL 1.0.2 is not impacted
-CVE-2021-3449
-
-# We already use a later version than the ones listed as impacted by this
-# CVE, so we believe this is just a scanner issue.
-CVE-2014-7819
-
-# Rake vulnerability for versions < 12.3.3. The version of Rake used by Conjur
-# has been updated to 13.0.1. Some of the Conjur dependencies still declare a
-# vulnerable version of Rake in their development dependencies, but do not pose
-# a risk to Conjur.
-CVE-2020-8130
-
-# Applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake
-# may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert"
-# TLS extension. this issue was fixed in OpenSSL 1.1.1g
-#
-# In order to support fips with openssl we are required to downgrading openssl version to 1.0.2 until openssl will
-# support fips module in newer versions
-# This vulnerability this is not relevant to us as
-# 1. The installed version (1.0.2u) does not support 1.3
-# 2. Trivy detect the usage of openssl 1.0.2 (can be reproduced with
-#    docker run -v /var/run/docker.sock:/var/run/docker.sock
-#   -v $(PWD):/workspace --rm aquasec/trivy -f json -o /workspace/scan_results-conjur-unfixed.json --no-progress
-#   --ignorefile .trivyignore registry.tld/ruby-fips-base-image-phusion:1.0.0)
-#
-# Performed by @yahalomk approved by @shaharglazner
-CVE-2020-1967
-
-# CVE-2020-1971
-# The X.509 GeneralName type is a generic type for representing different types
-# of names. One of those name types is known as EDIPartyName. OpenSSL provides a
-# function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
-# to see if they are equal or not. This function behaves incorrectly when both
-# GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
-# may occur leading to a possible denial of service attack.
-# OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
-#
-# 1) Comparing CRL distribution point names between an available CRL and a CRL
-#    distribution point embedded in an X509 certificate.
-#
-# 2) When verifying that a timestamp response token signer matches the timestamp
-#    authority name (exposed via the API functions TS_RESP_verify_response and
-#    TS_RESP_verify_token) If an attacker can control both items being compared
-#    then that attacker could trigger a crash.
-#
-# All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Fixed in OpenSSL
-# 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
-#
-# In order to support FIPS with OpenSSL we are required to use OpenSSL version
-# 1.0.2 until OpenSSL supports the FIPS module in newer versions. The latest
-# available version to us is 1.0.2u, which does not include this fix.
-#
-# We've determined that we are not impacted by this vulnerability because:
-# - we do not directly perform CRL checks in the Conjur or DAP software
-# - we do not enable automatic CRL checks in openssl tools
-# - we do not call any of the impacted OpenSSL APIs or any of the APIs that expose
-#   impacted behavior.
-#
-# Performed by @micahlee, approved by @andytinkham
-CVE-2020-1971
-
-# CVE-2021-3711
-# The vulnerability is not affected Conjur's version of OpenSSL 1.0.2u (https://www.openssl.org/news/secadv/20210824.txt)
-# Conjur does not use SM2 algorithm (https://www.openssl.org/docs/manmaster/man7/SM2.html)
-CVE-2021-3711
-
-# We have the fix for CVE-2023-0286 in openssl 1.0.2zg, but because OpenSSL 1.0.2 
-# is only available in premium support, trivy thinks we should use something in the 1.1.1
-# line. We can't, due to FIPS compliance, so need to continue to ignore this issue.
-CVE-2023-0286

API_VERSION

@@ -1 +1 @@
-5.3.0
+5.3.1