Conversation
* feat(api): add support for multiple connections in AWS integration * fix(api): improve error handling and connection activation logic * feat(cloud-tests): conditionally show "Add connection" button for providers * fix(api): enhance AWS credentials validation and improve connection handling * fix(integrations): improve success message for AWS connection * fix(integrations): prevent re-initialization of connection view on open * fix(api): merge existing credentials for AWS connection validation --------- Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
1 Skipped Deployment
|
PR SummaryMedium Risk Overview AWS connection hardening + multi-region scanning. AWS connections are now validated before creation and before credential updates by assuming roles via New scheduled cloud security scans. Adds Trigger.dev tasks Task + vendor workflow updates. Adds Written by Cursor Bugbot for commit 35a99c7. This will update automatically on new commits. Configure here. |
|
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
* feat(cloud-security): add daily scheduled task for cloud security scans * feat(cloud-security): enhance AWS region scanning with improved credential handling * refactor(cloud-security): improve error handling and logging in scan task * refactor(cloud-security): simplify primary region assignment in AWS service --------- Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
* fix(app): remove device hosts when removing a member * fix(app): remove device hosts before deactivating the member * fix(app): remove devices from fleet before assignment clearing and member deactivation * fix(app): add null check on hosts array before mapping --------- Co-authored-by: chasprowebdev <chasgarciaprowebdev@gmail.com> Co-authored-by: Mariano Fuentes <marfuen98@gmail.com> Co-authored-by: chasprowebdev <70908289+chasprowebdev@users.noreply.github.com>
| return fleet.delete(`/hosts/${hostId}`); | ||
| })); | ||
| } | ||
| } |
There was a problem hiding this comment.
FleetDM failure blocks member removal operation
Medium Severity
The new FleetDM integration code runs without error handling before the database cleanup operations. If getFleetInstance() fails (e.g., missing FLEET_URL/FLEET_TOKEN environment variables) or any of the FleetDM API calls fail (network issues, service unavailable, invalid label ID), the entire member removal operation fails. This prevents removing members from the organization when FleetDM is misconfigured or unavailable, even though FleetDM cleanup is not essential to the core operation of deactivating a member.
* feat(vendor): implement risk assessment triggering and update schemas * feat(vendor): handle failure states in risk assessment run * feat(tasks): add bulk delete endpoint for tasks and corresponding UI * feat(vendor): implement AI-based normalization for risk levels --------- Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
apps/app/src/app/(app)/[orgId]/vendors/[vendorId]/actions/trigger-vendor-risk-assessment.ts
Show resolved
Hide resolved
| return Impact.moderate; | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
Duplicated normalizeWebsite and extractDomain utility functions
Low Severity
The normalizeWebsite and extractDomain functions are duplicated in three locations: apps/app/src/utils/normalize-website.ts (the shared utility), apps/api/src/vendors/vendors.service.ts, and apps/api/src/trigger/vendor/vendor-risk-assessment-task.ts. The implementations are identical. The API-side code could either import from a shared package or create a single utility file in the API package rather than duplicating these functions.
Additional Locations (1)
Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| await this.connectionService.activateConnection(id); | ||
| this.logger.log( | ||
| `Activated connection ${id} after credential update (was in error state)`, | ||
| ); |
There was a problem hiding this comment.
Paused connections incorrectly activated on credential update
Medium Severity
The comment states "Only activate the connection if it was in error state (don't resume paused connections)" but this behavior isn't achieved. The storeApiKeyCredentials method (called at line 1052) unconditionally sets the connection status to 'active' internally before the status check at line 1058 can execute. This means paused connections will be unexpectedly resumed when a user updates credentials like regions, contrary to the documented intent.
* fix(docs): remove redundant setup steps from Aikido integration guide * style(trust): update text color for domain alert message --------- Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
|
🎉 This PR is included in version 1.80.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
3 participants
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.