Skip to content

chore: Fix datadog vulnerabilities (off-ticket)#1554

Open
JohnStainsby wants to merge 8 commits into
mainfrom
datadog_vulnerabilities
Open

chore: Fix datadog vulnerabilities (off-ticket)#1554
JohnStainsby wants to merge 8 commits into
mainfrom
datadog_vulnerabilities

Conversation

@JohnStainsby

@JohnStainsby JohnStainsby commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Addresses critical and high vulnerabilities reported in DataDog

  • Double quoting bash variables
  • Don't use empty list as default initialiser
  • Don't parse ps output through test tools

Checklist:

Title:

Description:

  • Link to ticket included (unless it's a quick out of ticket thing)
  • Includes tests (or an explanation for why it doesn't)
  • If the work includes user interface changes, before and after screenshots included in description
  • Includes any applicable changes to the documentation in this code base
  • Includes link(s) to any applicable changes to the documentation in the DBT Platform Documentation (can be to a pull request)

Tasks:

Reviewer Checklist

  • I have reviewed the PR and ensured no secret values are present

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or OpenSSF Scorecard issues found.

Scanned Files

None

Signed-off-by: DBT pre-commit check
Signed-off-by: DBT pre-commit check
Signed-off-by: DBT pre-commit check
@JohnStainsby JohnStainsby marked this pull request as ready for review July 9, 2026 13:30
@JohnStainsby JohnStainsby requested a review from a team as a code owner July 9, 2026 13:30
Comment thread images/tools/database-copy/entrypoint.sh Outdated
Comment thread code-security.datadog.yml
Comment on lines +8 to +9
- "terraform/postgres/manage_users.py"
- "dbt_platform_helper/providers/copilot.py"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we fix these rather than suppressing the alerts? Or at least put a ticket on the backlog to come back to them?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The warning for manage_users is a false positive. All of the copilot commands are no longer used the long term fix would be to remove them all, I'll check if there is a ticket for that cleanup task.

Comment thread publish_to_pypi.sh Outdated
@github-actions

Copy link
Copy Markdown
Contributor

Your PR has commits that are missing the Signed-off-by trailer. This is likely due to the pre-commit hook not being configured on your local machine. The usual fix for this issue is to run pre-commit install --install-hooks --overwrite -t commit-msg -t pre-commit, however for more detailed help in setting up the pre-commit hooks, follow the instructions at https://github.com/uktrade/github-standards/blob/main/README.md#usage

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants