From 31521f6f82049dae0600dfe7a035dd1cfbb81fae Mon Sep 17 00:00:00 2001 From: Chris Pawling Date: Thu, 18 Jun 2026 15:16:48 -0500 Subject: [PATCH 1/5] Update security scanning section to reference central doc Replace the Snyk-specific security scanning section with a brief scanner-agnostic section linking to the security scanning reference wiki page. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- CONTRIBUTING.md | 32 +++++--------------------------- 1 file changed, 5 insertions(+), 27 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d8b3f021..daeda453 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -92,33 +92,11 @@ pytest -m enterprise --enterprise-uri "https://test-api.lifecyclesolutions.ni.co It is important to note that depending on the terminal you are using, you may need to escape special characters in the API key. -## Security scanning with Snyk - -This repository uses [Snyk](https://snyk.io/) for security scanning to identify and -fix vulnerabilities in code before they reach production. Snyk provides Static -Application Security Testing (SAST) that scans your code for security issues as -you develop. - -- **IDE integration**: Install the Snyk extension for - [Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=snyk-security.snyk-vulnerability-scanner) - or - [Visual Studio](https://marketplace.visualstudio.com/items?itemName=snyk-security.snyk-vulnerability-scanner-vs-2022) - to get real-time security feedback while writing code. To suggest the Snyk - extension to contributors, add `.vscode/extensions.json` or `.vsconfig` files - to your project root. The VSCode Snyk extension has a richer feature set and - is the preferred IDE for working with Snyk. -- **Pull request scanning**: Snyk automatically scans PRs and posts comments for - high/critical vulnerabilities. -- **Post-merge monitoring**: Automated bugs are created for unresolved issues - after code is merged. - -**Contributors within NI/Emerson**: For detailed guidance on working with Snyk, -including how to address security issues and create ignore records, see the -[Snyk reference](https://dev.azure.com/ni/DevCentral/_wiki/wikis/Stratus/146862/Snyk-reference). - -**Contributors outside of NI/Emerson**: If you are having issues resolving a -vulnerability Snyk identifies on your PR, consult with a code owner to understand -your options for resolution. +## Security scanning + +See the [security scanning reference](https://dev.azure.com/ni/DevCentral/_wiki/wikis/Stratus/160265/Security-scanning-reference) for information on security scanning tools, workflows, and best practices. + +**Contributors outside of NI/Emerson**: If you are having issues resolving a vulnerability identified on your PR, consult with a code owner to understand your options for resolution. ## Developer Certificate of Origin (DCO) From 0e2562897de5f8a2a53f8b58ddb99bf2df059c91 Mon Sep 17 00:00:00 2001 From: Chris Pawling Date: Thu, 18 Jun 2026 15:16:48 -0500 Subject: [PATCH 2/5] Add .wiz file and CODEOWNERS entry for Wiz SCA scanning Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/CODEOWNERS | 1 + .wiz | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 .wiz diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b096c5bf..0b11b354 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,3 +1,4 @@ * @rbell517 @spanglerco @cameronwaterman /.snyk @chris468 @cameronwaterman @BKnight760 @rbell517 @jattasNI @prestwick +/.wiz @chris468 @cameronwaterman @BKnight760 @rbell517 @jattasNI @prestwick diff --git a/.wiz b/.wiz new file mode 100644 index 00000000..e3acf173 --- /dev/null +++ b/.wiz @@ -0,0 +1,2 @@ +ignore: + global_paths: {} From 735e509ffd5c9d2d61672a812caf4bf4eafac58a Mon Sep 17 00:00:00 2001 From: Chris Pawling Date: Thu, 18 Jun 2026 16:05:48 -0500 Subject: [PATCH 3/5] Add leading comment to .wiz file Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .wiz | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.wiz b/.wiz index e3acf173..31f9213e 100644 --- a/.wiz +++ b/.wiz @@ -1,2 +1,9 @@ +# Wiz Code global path exclusions for this repository. +# +# NOTE: Both /* and /**/* patterns are required per directory due to a known +# Wiz glob bug (WZ-81029) where /**/* does not match direct children of a +# directory. The /* pattern catches direct children while /**/* catches nested +# files. This duplication can be removed once the bug is fixed. + ignore: global_paths: {} From 7351326d944882db249c3c83754c62a169403826 Mon Sep 17 00:00:00 2001 From: Chris Pawling Date: Thu, 18 Jun 2026 16:13:19 -0500 Subject: [PATCH 4/5] Restore Contributors within NI/Emerson note in security section Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index daeda453..2cff0378 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -94,7 +94,7 @@ you may need to escape special characters in the API key. ## Security scanning -See the [security scanning reference](https://dev.azure.com/ni/DevCentral/_wiki/wikis/Stratus/160265/Security-scanning-reference) for information on security scanning tools, workflows, and best practices. +**Contributors within NI/Emerson**: See the [security scanning reference](https://dev.azure.com/ni/DevCentral/_wiki/wikis/Stratus/160265/Security-scanning-reference) for information on security scanning tools, workflows, and best practices. **Contributors outside of NI/Emerson**: If you are having issues resolving a vulnerability identified on your PR, consult with a code owner to understand your options for resolution. From bf4ae81e3d7c195fd858dcb06dcdef149be3ed93 Mon Sep 17 00:00:00 2001 From: Chris Pawling Date: Fri, 19 Jun 2026 10:03:33 -0500 Subject: [PATCH 5/5] Use ni/security-scanning-owners team for .snyk and .wiz ownership Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/CODEOWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 0b11b354..746c6f41 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,4 +1,4 @@ * @rbell517 @spanglerco @cameronwaterman -/.snyk @chris468 @cameronwaterman @BKnight760 @rbell517 @jattasNI @prestwick -/.wiz @chris468 @cameronwaterman @BKnight760 @rbell517 @jattasNI @prestwick +/.snyk @ni/security-scanning-owners +/.wiz @ni/security-scanning-owners