Skip to content

ROX-33574: Don't forget to configure scanner pull secrets#19383

Merged
mclasmeier merged 1 commit intomasterfrom
mc/helm-scanner-pull-secrets
Mar 16, 2026
Merged

ROX-33574: Don't forget to configure scanner pull secrets#19383
mclasmeier merged 1 commit intomasterfrom
mc/helm-scanner-pull-secrets

Conversation

@mclasmeier
Copy link
Copy Markdown
Contributor

@mclasmeier mclasmeier commented Mar 11, 2026
edited
Loading

See ROX-33574. Fixes a bug in the secured-cluster Helm chart.

User-facing documentation

This is a bug fix, don't need a CHANGELOG entry for this.

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • Added unit test.

How I validated my change

change me!

@mclasmeier mclasmeier requested a review from a team as a code owner March 11, 2026 17:01
@mclasmeier mclasmeier requested review from porridge and removed request for a team March 11, 2026 17:01
@mclasmeier mclasmeier changed the title ROX-33574 : Don't forget to configure scanner image pull secrets ROX-33574 : Don't forget to configure scanner pull secrets Mar 11, 2026
@mclasmeier mclasmeier changed the title ROX-33574 : Don't forget to configure scanner pull secrets ROX-33574: Don't forget to configure scanner pull secrets Mar 11, 2026
@rhacs-bot
Copy link
Copy Markdown
Contributor

rhacs-bot commented Mar 11, 2026
edited
Loading

Images are ready for the commit at 985d901.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.11.x-301-g985d9015e0.

@mclasmeier mclasmeier force-pushed the mc/helm-scanner-pull-secrets branch from fac2083 to b94ce02 Compare March 12, 2026 08:25
@gitguardian
Copy link
Copy Markdown

gitguardian bot commented Mar 12, 2026
edited
Loading

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
28322140 Triggered Username Password 985d901 pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/image-pull-secrets.test.yaml View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Don't forget to configure scanner image pull secrets
985d901 
when scanner V4 is disabled and only scanner V2 is being used.
@mclasmeier mclasmeier force-pushed the mc/helm-scanner-pull-secrets branch from b94ce02 to 985d901 Compare March 12, 2026 09:26
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 12, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.65%. Comparing base (280a428) to head (985d901).
⚠️ Report is 39 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #19383   +/-   ##
=======================================
  Coverage   49.65%   49.65%           
=======================================
  Files        2698     2698           
  Lines      203120   203132   +12     
=======================================
+ Hits       100852   100864   +12     
- Misses      94745    94746    +1     
+ Partials     7523     7522    -1
Flag Coverage Δ
go-unit-tests 49.65% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mclasmeier mclasmeier merged commit 1331603 into master Mar 16, 2026
105 checks passed
@mclasmeier mclasmeier deleted the mc/helm-scanner-pull-secrets branch March 16, 2026 21:40
@mclasmeier mclasmeier added backport release-4.8 backport release-4.9 https://spaces.redhat.com/spaces/StackRox/pages/558727298 backport release-4.10 labels Mar 17, 2026
rhacs-bot pushed a commit that referenced this pull request Mar 17, 2026
@mclasmeier @github-actions
ROX-33574: Don't forget to configure scanner pull secrets (#19383)
d10a6f6 
(cherry picked from commit 1331603)
rhacs-bot pushed a commit that referenced this pull request Mar 17, 2026
@mclasmeier @github-actions
ROX-33574: Don't forget to configure scanner pull secrets (#19383)
c49330b 
(cherry picked from commit 1331603)
This was referenced Mar 17, 2026
Merged
Merged
rhacs-bot pushed a commit that referenced this pull request Mar 17, 2026
@mclasmeier @github-actions
ROX-33574: Don't forget to configure scanner pull secrets (#19383)
2ae20a4 
(cherry picked from commit 1331603)
@rhacs-bot rhacs-bot mentioned this pull request Mar 17, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@porridge porridge porridge approved these changes

Assignees

No one assigned

Labels

area/helm backport release-4.8 backport release-4.9 https://spaces.redhat.com/spaces/StackRox/pages/558727298 backport release-4.10

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mclasmeier @rhacs-bot @porridge