Update Kontra security training token (!143277) · Merge requests · GitLab.org / GitLab

Brian Williams requested to merge bwill/fix-kontra-bearer-token into master Jan 30, 2024

What does this MR do and why?

Update Kontra security training token to a new one since the existing one is invalid. This is a band-aid fix. I am discussing a long-term solution with Kontra over email: #436629 (comment 1750149416)

Fixes: #436629 (closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

project = Project.last
provider = Security::TrainingProvider.find_by_name('Kontra')
identifier_external_id = '[CWE]-[89]-[CWE-89]'
Security::TrainingProviders::KontraUrlService.new(project, provider, identifier_external_id).execute
=> {:name=>"Kontra", :url=>"https://application.security/gitlab/free-application-security-training/owasp-top-10-sql-injection", :status=>"completed", :identifier=>"CWE-89"}

If nil url is returned, try restarting rails-background-jobs as this code uses reactive caching which executes in sidekiq.

Edited Jan 30, 2024 by Brian Williams

Update Kontra security training token

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports