Closed
18 changes: 18 additions & 0 deletions .security_config/security_config.yaml
@@ -0,0 +1,18 @@
# yaml-language-server: $schema=https://security-api.appsec.inday.io/schemas/security_config.json
# This is the configuration file for Chimera. This file is required to allow the scanning platform to scan your repo.
# Please see https://wolinks.com/chimera for details.
Comment on lines +1 to +3

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify that the schema and documentation URLs are accessible

echo "Checking schema URL..."
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" "https://security-api.appsec.inday.io/schemas/security_config.json"

echo "Checking documentation URL..."
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" "https://wolinks.com/chimera"

Repository: PipedreamHQ/pipedream-sdk-java

Length of output: 160


Fix the schema URL reference — it is not accessible and will prevent YAML validation.

The schema URL at line 1 (https://security-api.appsec.inday.io/schemas/security_config.json) returns a connection failure (HTTP 000), preventing the YAML language server from validating this configuration file. Update the URL to a valid, accessible schema endpoint or remove the reference if the schema is no longer available.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.security_config/security_config.yaml around lines 1 - 3, The YAML schema
reference at the top of .security_config/security_config.yaml points to an
inaccessible URL
("https://security-api.appsec.inday.io/schemas/security_config.json"); update
that comment to a reachable schema endpoint or remove the yaml-language-server
$schema comment entirely so the YAML language server can validate the file.
Locate the line containing "yaml-language-server:
$schema=https://security-api.appsec.inday.io/schemas/security_config.json" and
either replace the URL with a working schema URL provided by your security
tooling (or a local schema path) or delete that $schema declaration so
validation will no longer attempt to fetch the broken endpoint.


#####################
# SLACK CONFIGURATION
#####################
# Uncomment the below section and provide a Slack channel's name to allow Chimera to
# notify your slack channel about scans. Please see Chimera documentation on how to do this.
slack:
enabled: true
channel: pd-workflows

##########################
# SCAN TOOL CONFIGURATION
##########################
tools_config:
snyk: {}
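Review bot: `snyk: {}` under `tools_config:` at the end of the file lists the scanner with an empty mapping, and nothing in the file says which defaults then apply; add a comment stating that the defaults are intended, or set the options explicitly, so a later reader can tell a deliberate baseline from an unfinished template. The Slack header comment still says "Uncomment the below section" although `slack:` is already active with `enabled: true`, so that instruction should be dropped or reworded. The `channel: pd-workflows` value and the schema host on line 1 look like internal names; confirm they are acceptable to publish in this repository.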
12 changes: 12 additions & 0 deletions .security_config/security_contact.yaml
@@ -0,0 +1,12 @@
# This file contains contact info for the team that maintains
# this repo. This information will be used by security in the
# event that we need to contact you about security issues
# discovered in this code.
#
# See https://wolinks.com/repocontact for more information.
#
# You may use the Red Hat YAML extension in VS Code to validate this file.
# yaml-language-server: $schema=https://security-api.appsec.inday.io/schemas/security_contact.json
Comment on lines +1 to +9

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify that the schema and documentation URLs are accessible

echo "Checking schema URL..."
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" "https://security-api.appsec.inday.io/schemas/security_contact.json"

echo "Checking documentation URL..."
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" "https://wolinks.com/repocontact"

Repository: PipedreamHQ/pipedream-sdk-java

Length of output: 160


The schema URL is not accessible and will prevent VS Code validation.

The schema URL on line 9 (https://security-api.appsec.inday.io/schemas/security_contact.json) is unreachable (connection failed). This breaks the yaml-language-server validation feature mentioned on line 8, preventing developers from getting real-time validation when editing this file. Either restore access to the schema endpoint or provide an alternative schema location.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.security_config/security_contact.yaml around lines 1 - 9, The $schema URL
specified in the YAML (the string
"https://security-api.appsec.inday.io/schemas/security_contact.json") is
unreachable which breaks yaml-language-server validation; fix by replacing that
value under the yaml-language-server: $schema mapping with a reachable schema
URL or a relative path to a checked-in local schema file (e.g., add a local
security_contact.json in the repo and point $schema to that file), or remove the
$schema entry if you cannot provide a valid schema; update the
yaml-language-server $schema entry and commit the schema file or new URL so
editors can validate.


version: "1.0"
include: "git::https://github.com/PipedreamHQ/pipedreamin"
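Review bot: the `include:` on the last line names a git source with no branch, tag or commit, so whatever that repository's default branch holds at scan time decides which contact data is used; pin it to a fixed ref if the include syntax allows one. The header comment says this file contains the team's contact info, yet the visible lines carry only `version` and `include`, so either add the contact fields here or reword the comment to say they are inherited from the included repository.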

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if the repository exists

echo "Checking if pipedreamin repository exists..."
gh repo view PipedreamHQ/pipedreamin --json nameWithOwner 2>&1

echo -e "\nChecking if pipedream repository exists..."
gh repo view PipedreamHQ/pipedream --json nameWithOwner 2>&1

Repository: PipedreamHQ/pipedream-sdk-java

Length of output: 301


Correct the include repository URL - typo in repository name.

The include URL references a non-existent repository https://github.com/PipedreamHQ/pipedreamin. The correct repository is PipedreamHQ/pipedream. Update line 12 to use the correct repository name to ensure the security configuration is properly included.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.security_config/security_contact.yaml at line 12, Update the include URL in
the security configuration so it points to the correct repository: replace the
incorrect include string "git::https://github.com/PipedreamHQ/pipedreamin" with
the correct repository URL "git::https://github.com/PipedreamHQ/pipedream" in
the include statement (the include line shown in the diff).
