Skip to content

Commit

Permalink
Merge pull request #915 from snyk/fix/disable-accept-all-in-non-appli…
Browse files Browse the repository at this point in the history 
…cable-types

fix: disable rule injection when not applicable
  • Loading branch information
@aarlaud
aarlaud authored Feb 6, 2025
2 parents 490d4f7 + 57e2dff commit 5322394
Show file tree
Hide file tree
Showing 9 changed files with 7,981 additions and 1 deletion.
5 changes: 5 additions & 0 deletions client-templates/apprisk/.env.sample
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,8 @@ ACCEPT=accept.json
# The path for the broker's internal healthcheck URL. Must start with a '/'.
BROKER_HEALTHCHECK_PATH=/healthcheck

ACCEPT_ESSENTIALS=false
ACCEPT_GIT=false
ACCEPT_IAC=false
ACCEPT_LARGE_MANIFESTS=false
ACCEPT_CUSTOM_PR_TEMPLATES=false
6 changes: 6 additions & 0 deletions client-templates/artifactory/.env.sample
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,9 @@ BROKER_HEALTHCHECK_PATH=/healthcheck
# Artifactory validation url, checked by broker client systemcheck endpoint
BROKER_CLIENT_VALIDATION_URL=https://$ARTIFACTORY_URL/api/system/ping
BROKER_CLIENT_VALIDATION_JSON_DISABLED=true

ACCEPT_ESSENTIALS=false
ACCEPT_GIT=false
ACCEPT_IAC=false
ACCEPT_LARGE_MANIFESTS=false
ACCEPT_CUSTOM_PR_TEMPLATES=false
6 changes: 6 additions & 0 deletions client-templates/container-registry-agent/.env.sample
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,9 @@ CR_AGENT_URL="https://<agent-host>:<agent-port>"
# Detailed accept rules that allow Snyk to make API calls to container registry
# agent, and agent to call back to Snyk
ACCEPT=accept.json

ACCEPT_ESSENTIALS=false
ACCEPT_GIT=false
ACCEPT_IAC=false
ACCEPT_LARGE_MANIFESTS=false
ACCEPT_CUSTOM_PR_TEMPLATES=false
6 changes: 6 additions & 0 deletions client-templates/jira-bearer-auth/.env.sample
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,9 @@ ACCEPT=accept.json

# The path for the broker's internal healthcheck URL. Must start with a '/'.
BROKER_HEALTHCHECK_PATH=/healthcheck

ACCEPT_ESSENTIALS=false
ACCEPT_GIT=false
ACCEPT_IAC=false
ACCEPT_LARGE_MANIFESTS=false
ACCEPT_CUSTOM_PR_TEMPLATES=false
6 changes: 6 additions & 0 deletions client-templates/jira/.env.sample
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,3 +29,9 @@ ACCEPT=accept.json

# The path for the broker's internal healthcheck URL. Must start with a '/'.
BROKER_HEALTHCHECK_PATH=/healthcheck

ACCEPT_ESSENTIALS=false
ACCEPT_GIT=false
ACCEPT_IAC=false
ACCEPT_LARGE_MANIFESTS=false
ACCEPT_CUSTOM_PR_TEMPLATES=false
8 changes: 7 additions & 1 deletion client-templates/nexus/.env.sample
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,10 @@ BROKER_CLIENT_VALIDATION_URL=$BASE_NEXUS_URL/service/rest/v1/status/check
BROKER_CLIENT_VALIDATION_JSON_DISABLED=true

# Disable X-Forwarded-For headers so Nexus doesn't return npm tarball uri pointing to the broker server
REMOVE_X_FORWARDED_HEADERS=true
REMOVE_X_FORWARDED_HEADERS=true

ACCEPT_ESSENTIALS=false
ACCEPT_GIT=false
ACCEPT_IAC=false
ACCEPT_LARGE_MANIFESTS=false
ACCEPT_CUSTOM_PR_TEMPLATES=false
6 changes: 6 additions & 0 deletions client-templates/nexus2/.env.sample
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,3 +28,9 @@ BROKER_HEALTHCHECK_PATH=/healthcheck
BROKER_CLIENT_VALIDATION_URL=$BASE_NEXUS_URL/nexus/service/local/status

BROKER_CLIENT_VALIDATION_JSON_DISABLED=true

ACCEPT_ESSENTIALS=false
ACCEPT_GIT=false
ACCEPT_IAC=false
ACCEPT_LARGE_MANIFESTS=false
ACCEPT_CUSTOM_PR_TEMPLATES=false
Loading

0 comments on commit 5322394

Please sign in to comment.