Skip to content

Fix for S360/SFI alerts #341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ghidalgo3 merged 4 commits into from
Oct 15, 2025
Merged

Fix for S360/SFI alerts #341

ghidalgo3 merged 4 commits into from
Oct 15, 2025

Conversation

@karthick-rn
Copy link
Contributor

@karthick-rn karthick-rn commented Oct 6, 2025

Description

The changes on this PR were to address the SFI alerts which is an ongoing effort within Microsoft.

Copilot AI reviewed Oct 6, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR addresses SFI (Security for Infrastructure) alerts by adding a CodeQL justification comment and updating Argo workflows from version 3.7.1 to 3.7.2.

  • Added CodeQL justification comment for SSL verification bypass in CosmosDB emulator connection
  • Updated Argo workflows version from 3.7.1 to 3.7.2 across deployment documentation and configuration

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
pctasks/dev/pctasks/dev/cosmosdb.py Added CodeQL justification comment for SSL verification bypass
docs/development/deploying.md Updated Argo workflows version references in documentation
deployment/helm/argo-values.yaml Updated image tags to use Argo workflows v3.7.2

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

pctasks/dev/pctasks/dev/cosmosdb.py
while True:
try:
resp = requests.get(url, verify=False)
resp = requests.get(url, verify=False) # CodeQL [SM03157] justification
Copy link

Copilot AI Oct 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CodeQL justification comment lacks explanation of why SSL verification is disabled. Consider adding a brief explanation like '# CodeQL [SM03157] SSL verification disabled for local emulator connection' to provide context for reviewers and future maintainers.

Suggested change
resp = requests.get(url, verify=False) # CodeQL [SM03157] justification
resp = requests.get(url, verify=False) # CodeQL [SM03157] SSL verification disabled for local emulator connection

Copilot uses AI. Check for mistakes.
@ghidalgo3 ghidalgo3 merged commit 4a4631e into main Oct 15, 2025
5 checks passed
@ghidalgo3 ghidalgo3 deleted the user/kanarend/openpc-alerts branch October 15, 2025 12:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ghidalgo3 ghidalgo3 ghidalgo3 approved these changes

@gmoralessanchez gmoralessanchez gmoralessanchez approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@karthick-rn @ghidalgo3 @gmoralessanchez