Skip to content

Backlog/v12 compilance#2317

Merged
AlexSanchez-bit merged 9 commits into
release/v12.0.0from
backlog/v12_compilance
Jul 9, 2026
Merged

Backlog/v12 compilance#2317
AlexSanchez-bit merged 9 commits into
release/v12.0.0from
backlog/v12_compilance

Conversation

@AlexSanchez-bit

Copy link
Copy Markdown
Contributor

No description provided.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

🛑 AI review — Sensitive area, extra care recommended

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. Review carefully before merging.

🛑 architecture (gemini-3-flash-lite) — high/critical — please review

Summary: Introduces new database schema (migrations) and persistence layer for compliance overrides and notes.

  • high backend/database/migrations.go:51 — Database schema change: Adding new tables (utm_compliance_control_status_override, utm_compliance_control_note) requires a production migration plan and verification of existing data compatibility.
  • medium backend/modules/compliance/usecase/evaluator.go:204 — Evaluation logic now depends on external repository state (overrides/notes). Ensure that failures in these repositories do not block the core evaluation process (currently handled via error swallowing, which is acceptable but requires monitoring).

bugs (gemini-3-flash-lite) — clean

Summary: Implementation of manual compliance status overrides and user notes; code is logically sound and follows existing patterns.

No findings.

🛑 security (gemini-3-flash-lite) — high/critical — please review

Summary: Introduces new API endpoints for compliance status overrides and notes, touching security-critical authorization and data handling paths.

  • medium backend/modules/compliance/handler/report.go:169 — The new API endpoints (SetStatusOverride, SetControlNote) lack explicit authorization checks to ensure the user has permission to modify compliance data for the specified framework.

🔴 go-deps — pending updates

🔍 Discovered 25 Go projects

📦 Dependencies with updates available:

  📁 ./agent/updater:
     - github.com/kardianos/service: v1.2.4 → v1.3.0

  📁 ./agent:
     - github.com/kardianos/service: v1.2.4 → v1.3.0
     - golang.org/x/sys: v0.46.0 → v0.47.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./collectors/as400:
     - github.com/kardianos/service: v1.2.4 → v1.3.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./collectors/utmstack:
     - github.com/kardianos/service: v1.2.4 → v1.3.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./collectors/forwarder:
     - github.com/kardianos/service: v1.2.4 → v1.3.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./installer:
     - github.com/cloudfoundry/gosigar: v1.3.122 → v1.3.123
     - github.com/kardianos/service: v1.2.4 → v1.3.0

  📁 ./backend:
     - cloud.google.com/go/pubsub: v1.50.2 → v1.50.4
     - github.com/aws/aws-sdk-go-v2/config: v1.32.25 → v1.32.29
     - github.com/aws/aws-sdk-go-v2/credentials: v1.19.24 → v1.19.28
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.78.0 → v1.79.0
     - github.com/aws/aws-sdk-go-v2/service/sts: v1.43.3 → v1.44.0
     - golang.org/x/crypto: v0.53.0 → v0.54.0
     - google.golang.org/api: v0.286.0 → v0.287.1
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./plugins/inputs:
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./plugins/sophos:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/gcp:
     - cloud.google.com/go/pubsub: v1.50.2 → v1.50.4
     - golang.org/x/crypto: v0.53.0 → v0.54.0
     - google.golang.org/api: v0.286.0 → v0.287.1

  📁 ./plugins/crowdstrike:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/bitdefender:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/azure:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/aws:
     - github.com/aws/aws-sdk-go-v2: v1.42.0 → v1.42.1
     - github.com/aws/aws-sdk-go-v2/config: v1.32.25 → v1.32.29
     - github.com/aws/aws-sdk-go-v2/credentials: v1.19.24 → v1.19.28
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.78.0 → v1.79.0
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/soc-ai:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/feeds:
     - golang.org/x/sync: v0.21.0 → v0.22.0

  📁 ./plugins/o365:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./agent-manager:
     - golang.org/x/sync: v0.21.0 → v0.22.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

❌ Please update dependencies before merging.

@utmstackprapprover utmstackprapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.

@utmstackprapprover utmstackprapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.

@utmstackprapprover utmstackprapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.

@utmstackprapprover utmstackprapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.

@AlexSanchez-bit

Copy link
Copy Markdown
Contributor Author

added notes and manual status update tables to match v11 features without breaking current v12 evaluation schema, since correlation module change dramaticallyu from v11 and v12 legacy support is not intented

@AlexSanchez-bit

Copy link
Copy Markdown
Contributor Author

user needs to hace admin role to use those requests so no further permission or specialized role is needed to verify user authorization on those actions

@AlexSanchez-bit AlexSanchez-bit merged commit 3ec1262 into release/v12.0.0 Jul 9, 2026
1 check passed
@AlexSanchez-bit AlexSanchez-bit deleted the backlog/v12_compilance branch July 9, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants