Sr/fix 17 by sromoam · Pull Request #84 · awslabs/stickler

sromoam · 2026-02-23T16:16:51Z

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

#33

* This PR adds testing to prove that we aren't suffering the error pointed out in Issue #17. #17

sromoam · 2026-02-23T16:17:36Z

@sujimart this one is easy, it actually was already fixed previously, as validated by testing.
I'm gonna close #17 for now, but if you could approve this that'd be great.

github-actions · 2026-02-23T16:20:06Z

🔒 Security Scan Results

ASH Security Scan Report

Report generated: 2026-02-23T16:19:57+00:00
Time since scan: 1 minute

Scan Metadata

Project: ASH
Scan executed: 2026-02-23T16:18:06+00:00
ASH version: 3.1.2

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Severity levels:
- Suppressed (S): Findings that have been explicitly suppressed and don't affect scanner status
- Critical (C): Highest severity findings that require immediate attention
- High (H): Serious findings that should be addressed soon
- Medium (M): Moderate risk findings
- Low (L): Lower risk findings
- Info (I): Informational findings with minimal risk
Duration (Time): Time taken by the scanner to complete its execution
Actionable: Number of findings at or above the threshold severity level that require attention
Result:
- PASSED = No findings at or above threshold
- FAILED = Findings at or above threshold
- MISSING = Required dependencies not available
- SKIPPED = Scanner explicitly disabled
- ERROR = Scanner execution error
Threshold: The minimum severity level that will cause a scanner to fail
- Thresholds: ALL, LOW, MEDIUM, HIGH, CRITICAL
- Source: Values in parentheses indicate where the threshold is set:
  - global (global_settings section in the ASH_CONFIG used)
  - config (scanner config section in the ASH_CONFIG used)
  - scanner (default configuration in the plugin, if explicitly set)
Statistics calculation:
- All statistics are calculated from the final aggregated SARIF report
- Suppressed findings are counted separately and do not contribute to actionable findings
- Scanner status is determined by comparing actionable findings to the threshold

Scanner	Critical	Low	Actionable	Result	Threshold
bandit	0	3009	0	PASSED	MEDIUM (global)
cdk-nag	0	0	0	PASSED	MEDIUM (global)
cfn-nag	0	0	0	MISSING	MEDIUM (global)
checkov	1	0	1	SKIPPED	MEDIUM (global)
detect-secrets	0	0	0	PASSED	MEDIUM (global)
grype	0	0	0	MISSING	MEDIUM (global)
npm-audit	0	0	0	PASSED	MEDIUM (global)
opengrep	0	0	0	MISSING	MEDIUM (global)
semgrep	0	0	0	PASSED	MEDIUM (global)
syft	0	0	0	MISSING	MEDIUM (global)

Top 1 Hotspots

Files with the highest number of security findings:

Finding Count	File Location
1	.github/workflows/workflow.yml

Detailed Findings

Show 1 actionable findings

Finding 1: CKV2_GHA_1

Severity: HIGH
Scanner: checkov
Rule ID: CKV2_GHA_1
Location: .github/workflows/workflow.yml:11-12

Description:
Ensure top-level permissions are not set to write-all

Report generated by Automated Security Helper (ASH) at 2026-02-23T16:19:58+00:00

sromoam · 2026-02-27T17:20:19Z

Need to remove the code change to the non-test file, here.

github-actions · 2026-03-16T15:41:40Z

🔒 Security Scan Results

ASH Security Scan Report

Report generated: 2026-03-16T15:41:31+00:00
Time since scan: 2 minutes

Scan Metadata

Project: ASH
Scan executed: 2026-03-16T15:39:30+00:00
ASH version: 3.1.2

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Severity levels:
- Suppressed (S): Findings that have been explicitly suppressed and don't affect scanner status
- Critical (C): Highest severity findings that require immediate attention
- High (H): Serious findings that should be addressed soon
- Medium (M): Moderate risk findings
- Low (L): Lower risk findings
- Info (I): Informational findings with minimal risk
Duration (Time): Time taken by the scanner to complete its execution
Actionable: Number of findings at or above the threshold severity level that require attention
Result:
- PASSED = No findings at or above threshold
- FAILED = Findings at or above threshold
- MISSING = Required dependencies not available
- SKIPPED = Scanner explicitly disabled
- ERROR = Scanner execution error
Threshold: The minimum severity level that will cause a scanner to fail
- Thresholds: ALL, LOW, MEDIUM, HIGH, CRITICAL
- Source: Values in parentheses indicate where the threshold is set:
  - global (global_settings section in the ASH_CONFIG used)
  - config (scanner config section in the ASH_CONFIG used)
  - scanner (default configuration in the plugin, if explicitly set)
Statistics calculation:
- All statistics are calculated from the final aggregated SARIF report
- Suppressed findings are counted separately and do not contribute to actionable findings
- Scanner status is determined by comparing actionable findings to the threshold

Scanner	Critical	Low	Actionable	Result	Threshold
bandit	0	3127	0	PASSED	MEDIUM (global)
cdk-nag	0	0	0	PASSED	MEDIUM (global)
cfn-nag	0	0	0	MISSING	MEDIUM (global)
checkov	1	0	1	SKIPPED	MEDIUM (global)
detect-secrets	0	0	0	PASSED	MEDIUM (global)
grype	0	0	0	MISSING	MEDIUM (global)
npm-audit	0	0	0	PASSED	MEDIUM (global)
opengrep	0	0	0	MISSING	MEDIUM (global)
semgrep	0	0	0	PASSED	MEDIUM (global)
syft	0	0	0	MISSING	MEDIUM (global)

Top 1 Hotspots

Files with the highest number of security findings:

Finding Count	File Location
1	.github/workflows/workflow.yml

Detailed Findings

Show 1 actionable findings

Finding 1: CKV2_GHA_1

Severity: HIGH
Scanner: checkov
Rule ID: CKV2_GHA_1
Location: .github/workflows/workflow.yml:11-12

Description:
Ensure top-level permissions are not set to write-all

Report generated by Automated Security Helper (ASH) at 2026-03-16T15:41:32+00:00

github-actions · 2026-03-16T15:42:04Z

🔒 Security Scan Results

ASH Security Scan Report

Report generated: 2026-03-16T15:41:56+00:00
Time since scan: 2 minutes

Scan Metadata

Project: ASH
Scan executed: 2026-03-16T15:39:52+00:00
ASH version: 3.1.2

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Severity levels:
- Suppressed (S): Findings that have been explicitly suppressed and don't affect scanner status
- Critical (C): Highest severity findings that require immediate attention
- High (H): Serious findings that should be addressed soon
- Medium (M): Moderate risk findings
- Low (L): Lower risk findings
- Info (I): Informational findings with minimal risk
Duration (Time): Time taken by the scanner to complete its execution
Actionable: Number of findings at or above the threshold severity level that require attention
Result:
- PASSED = No findings at or above threshold
- FAILED = Findings at or above threshold
- MISSING = Required dependencies not available
- SKIPPED = Scanner explicitly disabled
- ERROR = Scanner execution error
Threshold: The minimum severity level that will cause a scanner to fail
- Thresholds: ALL, LOW, MEDIUM, HIGH, CRITICAL
- Source: Values in parentheses indicate where the threshold is set:
  - global (global_settings section in the ASH_CONFIG used)
  - config (scanner config section in the ASH_CONFIG used)
  - scanner (default configuration in the plugin, if explicitly set)
Statistics calculation:
- All statistics are calculated from the final aggregated SARIF report
- Suppressed findings are counted separately and do not contribute to actionable findings
- Scanner status is determined by comparing actionable findings to the threshold

Scanner	Critical	Low	Actionable	Result	Threshold
bandit	0	3127	0	PASSED	MEDIUM (global)
cdk-nag	0	0	0	PASSED	MEDIUM (global)
cfn-nag	0	0	0	MISSING	MEDIUM (global)
checkov	1	0	1	SKIPPED	MEDIUM (global)
detect-secrets	0	0	0	PASSED	MEDIUM (global)
grype	0	0	0	MISSING	MEDIUM (global)
npm-audit	0	0	0	PASSED	MEDIUM (global)
opengrep	0	0	0	MISSING	MEDIUM (global)
semgrep	0	0	0	PASSED	MEDIUM (global)
syft	0	0	0	MISSING	MEDIUM (global)

Top 1 Hotspots

Files with the highest number of security findings:

Finding Count	File Location
1	.github/workflows/workflow.yml

Detailed Findings

Show 1 actionable findings

Finding 1: CKV2_GHA_1

Severity: HIGH
Scanner: checkov
Rule ID: CKV2_GHA_1
Location: .github/workflows/workflow.yml:11-12

Description:
Ensure top-level permissions are not set to write-all

Report generated by Automated Security Helper (ASH) at 2026-03-16T15:41:57+00:00

sromoam added 2 commits February 23, 2026 10:10

Fixing the issues refernced in Issue #33

2acf1d1

#33

This PR includes tests that cover the complaint in #17

d9042bb

* This PR adds testing to prove that we aren't suffering the error pointed out in Issue #17. #17

sromoam requested a review from adiadd February 23, 2026 16:16

sromoam assigned sujimart Feb 23, 2026

sromoam mentioned this pull request Feb 23, 2026

[BUG]: First empty field auto-populates with 'FieldInfo...' instead of remaining None #17

Closed

1 task

sromoam added 2 commits March 16, 2026 10:32

reverting the unneeded file change from dev.

beef26f

Fixing the ruff linting issues in this PR.

ad5f2d6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sr/fix 17#84

Sr/fix 17#84
sromoam wants to merge 4 commits intodevfrom
sr/fix_17

sromoam commented Feb 23, 2026

Uh oh!

sromoam commented Feb 23, 2026

Uh oh!

github-actions bot commented Feb 23, 2026

Finding 1: CKV2_GHA_1

Uh oh!

sromoam commented Feb 27, 2026

Uh oh!

github-actions bot commented Mar 16, 2026

Finding 1: CKV2_GHA_1

Uh oh!

github-actions bot commented Mar 16, 2026

Finding 1: CKV2_GHA_1

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

sromoam commented Feb 23, 2026

Uh oh!

sromoam commented Feb 23, 2026

Uh oh!

github-actions bot commented Feb 23, 2026

🔒 Security Scan Results

ASH Security Scan Report

Scan Metadata

Summary

Scanner Results

Top 1 Hotspots

Detailed Findings

Finding 1: CKV2_GHA_1

Uh oh!

sromoam commented Feb 27, 2026

Uh oh!

github-actions bot commented Mar 16, 2026

🔒 Security Scan Results

ASH Security Scan Report

Scan Metadata

Summary

Scanner Results

Top 1 Hotspots

Detailed Findings

Finding 1: CKV2_GHA_1

Uh oh!

github-actions bot commented Mar 16, 2026

🔒 Security Scan Results

ASH Security Scan Report

Scan Metadata

Summary

Scanner Results

Top 1 Hotspots

Detailed Findings

Finding 1: CKV2_GHA_1

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants