Skip to content

AI Supply Chain Feature Enablement(AST-127864)#1504

Merged
cx-luis-ventuzelos merged 7 commits into
mainfrom
other/ai-sc
Jun 16, 2026
Merged

AI Supply Chain Feature Enablement(AST-127864)#1504
cx-luis-ventuzelos merged 7 commits into
mainfrom
other/ai-sc

Conversation

@cx-atish-jadhav

@cx-atish-jadhav cx-atish-jadhav commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator

By submitting this pull request, you agree to the terms within the Checkmarx Code of Conduct. Please review the contributing guidelines for guidance on creating high-quality pull requests.

Description

Please provide a summary of the changes and the related issue. Include relevant motivation and context.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Related Issues

Link any related issues or tickets.

Checklist

  • I have performed a self-review of my code
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • Any dependent changes have been merged and published in downstream modules
  • I have updated the CLI help for new/changed functionality in this PR (if applicable)
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used

Screenshots (if applicable)

Add screenshots to help explain your changes.

Additional Notes

Add any other relevant information.

@stepsecurity-app

stepsecurity-app Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Security Policy Alert: Actions Policy Violation

This workflow run has been blocked by StepSecurity's actions policy.

Disallowed Actions:

  • aidar-freeed/ai-codereviewer@a9a064dfa1db8c83f40ef63f6e247fa09c935ed6

To fix this issue, please modify the workflow to use only allowed actions. Contact your organization administrator to request changes to the allowed actions list if needed.

For more information, see StepSecurity's Actions Policy documentation.

@cx-atish-jadhav
upgraded go version to resolve the trivy
1444ee8
@cx-atish-jadhav
chore: Upgrade anchore/syft v1.21.0 to v1.42.3 to fix CVE-2026-33481
69ee9c3 
- Updated anchore/syft from v1.21.0 to v1.42.3 (CVE-2026-33481: improper temporary file cleanup)
- This also upgraded related dependencies: anchore/stereoscope, containerd/api, olekukonko/tablewriter
- docker/docker v28.0.3 remains due to transitive dependency on Checkmarx internal packages
@cx-atish-jadhav
fix for trivy vulnerabilities
d115a89
@cx-atish-jadhav
Revert "chore: Upgrade anchore/syft v1.21.0 to v1.42.3 to fix CVE-202…
2f451a1 
…6-33481"

This reverts commit 69ee9c3.
cx-umesh-waghode
cx-umesh-waghode approved these changes Jun 16, 2026
View reviewed changes

@cx-umesh-waghode cx-umesh-waghode left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@cx-luis-ventuzelos cx-luis-ventuzelos merged commit a692ce3 into main Jun 16, 2026
6 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cx-umesh-waghode cx-umesh-waghode cx-umesh-waghode approved these changes

@cx-luis-ventuzelos cx-luis-ventuzelos cx-luis-ventuzelos approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cx-atish-jadhav @cx-umesh-waghode @cx-luis-ventuzelos