  1. Qt Quality Assurance Infrastructure
  2. QTQAINFRA-6431

Create a bot to monitor changes for touching security sensitive code


Details

    • Suggestion
    • Resolution: Done
    • P2: Important
    • Qt Security Bot
    • ec77bead3 (v3.8-based), 1ed01b4a1 (dev)

    Description

      See https://contribute.qt-project.org/quips/23

      A bot should monitor for code changes to security-sensitive files. Take action on the following points:

      • If a security header is modified, especially if severity is reduced
      • If non-comment changes occur in the files

      The bot should post a summary of changes to sensitive files to a teams channel.
      The bot should add a "security_sensitive" hashtag to the change.
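
The two triggers listed above can be evaluated directly on a file's unified diff. The sketch below is an added example, not the Qt Security Bot's code: the header form `// Qt-Security score:<level> reason:<text>`, the severity ordering, and the sample diff are assumptions, and QUIP 23 remains the authoritative definition.

```python
import re

# Assumed header form; the authoritative definition is in QUIP 23 (linked above):
#   // Qt-Security score:<level> reason:<text>
HEADER = re.compile(r"Qt-Security\s+score:(\w+)")
# Assumed severity ordering, lowest first.
LEVELS = ["insignificant", "significant", "critical"]
# Heuristic for C/C++ comment-only lines: //, /*, or a " * ..." continuation.
COMMENT = re.compile(r"^\s*(//|/\*|\*(\s|/|$))")

def review_diff(diff_text):
    """Evaluate one file's unified diff against the two triggers in the description."""
    scores = {"-": None, "+": None}   # score on the removed / added header line
    header_changed = code_changed = False
    for line in diff_text.splitlines():
        if line.startswith(("+++ ", "--- ")) or not line.startswith(("+", "-")):
            continue  # file headers, hunk headers, unchanged context
        body = line[1:]
        m = HEADER.search(body)
        if m:
            header_changed = True
            scores[line[0]] = m.group(1)
        elif body.strip() and not COMMENT.match(body):
            code_changed = True
    old, new = scores["-"], scores["+"]
    # A removed or unrecognised new score is treated as a reduction (assumption).
    reduced = old in LEVELS and (
        new not in LEVELS or LEVELS.index(new) < LEVELS.index(old))
    flagged = header_changed or code_changed
    return {"header_changed": header_changed, "severity_reduced": reduced,
            "code_changed": code_changed,
            "hashtag": "security_sensitive" if flagged else None}

# Constructed sample diff for a hypothetical file, not taken from a real Qt change.
SAMPLE = """\
--- a/src/parser.cpp
+++ b/src/parser.cpp
@@ -1,4 +1,4 @@
-// Qt-Security score:critical reason:data-parser
+// Qt-Security score:significant reason:data-parser
 #include "parser.h"
-    if (len > max) return false;
+    // length check moved to caller
"""

if __name__ == "__main__":
    print(review_diff(SAMPLE))
```

The comment test is line-based, so a change inside a multi-line comment whose lines lack a leading `*` is reported as a code change; that errs toward flagging rather than missing a change.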

          People

            daniel.smith Daniel Smith