
feat: add RapiDAST DAST scanning workflow#1997

Draft
mpapadopoullos wants to merge 1 commit into openshift:main from mpapadopoullos:feature/rapidast-dast-scan

Conversation


@mpapadopoullos mpapadopoullos commented Jun 17, 2026


Summary

  • Add GitHub Actions workflow (.github/workflows/rapidast.yml) for automated DAST scanning using RapiDAST
  • ZAP scan: spider + passive + active scan against the operator metrics endpoint (/metrics on port 8443) with SA token auth
  • oobtkube scan: blind command injection testing against BpfApplication CRDs (XDP, TC, UProbe program types)
  • Weekly schedule (Sunday midnight UTC) + manual workflow_dispatch trigger
  • SARIF artifact upload and GitHub Step Summary reporting

Design decisions

  • Reuses existing Kind cluster setup (make run-on-kind) from integration tests
  • RapiDAST development image tag (not latest, which is known-broken)
  • --network host for RapiDAST containers to reach port-forwarded services
  • continue-on-error: true on scan steps so artifacts always upload
  • Externalised configs in .github/rapidast/ for maintainability

Files

File and purpose:
  • .github/workflows/rapidast.yml: Main workflow
  • .github/rapidast/zap-config.yaml: ZAP scanner config
  • .github/rapidast/oobtkube-config.yaml: oobtkube scanner config
  • .github/rapidast/bpfapplication-oobtkube-cr.yaml: Enriched CR for injection surface

Test plan

  • Trigger workflow manually via workflow_dispatch
  • Verify Kind cluster deploys successfully
  • Verify ZAP scan completes and produces SARIF output
  • Verify oobtkube scan completes and produces SARIF output
  • Confirm artifacts are uploaded and step summary renders correctly

Made with Cursor

Summary by CodeRabbit

  • Chores
    • Added Kubernetes manifest configurations for automated security testing infrastructure supporting BPF program validation
    • Integrated RapidAST DAST scanning pipeline with GitHub Actions, enabling continuous security analysis through API endpoint testing, authentication validation, and vulnerability scanning including injection attack detection

Add GitHub Actions workflow for automated DAST scanning using RapiDAST:
- ZAP spider + passive + active scan on the metrics endpoint (port 8443)
- oobtkube blind command injection scan on BpfApplication CRDs
- Weekly schedule + manual trigger
- SARIF artifact upload and step summary reporting

Scan configs externalised in .github/rapidast/ for maintainability.
Reuses existing Kind cluster setup from integration tests.

Co-authored-by: Cursor <cursoragent@cursor.com>
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 17, 2026

coderabbitai Bot commented Jun 17, 2026


Walkthrough

Adds a RapiDAST DAST Scan GitHub Actions workflow (manual + weekly cron) along with three configuration files. The workflow provisions a Kind cluster, deploys bpfman-operator, then runs two DAST scans—ZAP against the metrics endpoint and oobtkube blind injection via a new BpfApplication CR—uploading results and emitting a Markdown step summary.

Changes

RapiDAST DAST Scan Workflow

Layer / File(s) Summary
ZAP and oobtkube scanner configurations
.github/rapidast/zap-config.yaml, .github/rapidast/oobtkube-config.yaml, .github/rapidast/bpfapplication-oobtkube-cr.yaml
ZAP config defines exclusion rules, AUTH_TOKEN-based auth, spider/active scan policy, and report formats. oobtkube config wires the generic_oobtkube scanner to invoke oobtkube.py with pod IP and SARIF output. The BpfApplication CR specifies XDP, TC, and UProbe programs used as injection input.
Workflow triggers and cluster provisioning
.github/workflows/rapidast.yml
Defines workflow_dispatch and weekly cron triggers, sets image env vars, cleans disk, checks out the repo, sets up Go, builds and deploys bpfman-operator images to Kind, and waits for controller-manager and daemonset rollout readiness.
ZAP scan execution
.github/workflows/rapidast.yml
Port-forwards the controller-manager metrics service, creates and masks a Kubernetes service account token as AUTH_TOKEN, runs the RapiDAST container with ZAP config and results directory mounted, and stops the port-forward in an always() cleanup step.
OOBKube blind injection scan execution
.github/workflows/rapidast.yml
Applies the BpfApplication CR, captures the operator pod IP into GITHUB_ENV, and runs the RapiDAST container with oobtkube config and CR mounted. Both scan steps set continue-on-error: true.
Artifact upload and step summary
.github/workflows/rapidast.yml
Uploads ZAP and oobtkube result directories as workflow artifacts with if: always(). Generates a Markdown step summary by reading ZAP JSON alert counts and oobtkube SARIF injection counts via jq, with fallback messages when reports are absent.

Sequence Diagram(s)

sequenceDiagram
  participant Trigger as Cron / manual dispatch
  participant Job as rapidast-dast-scan
  participant Kind as Kind cluster
  participant kubectl
  participant RapiDAST as RapiDAST container

  Trigger->>Job: start workflow
  Job->>Kind: build + deploy bpfman-operator images
  Kind-->>Job: controller-manager + daemonset ready

  rect rgba(70, 130, 180, 0.5)
    Note over Job,RapiDAST: ZAP scan
    Job->>kubectl: port-forward metrics service
    Job->>kubectl: create SA token → AUTH_TOKEN
    Job->>RapiDAST: run with zap-config.yaml
    RapiDAST-->>Job: ZAP json/html/sarif reports
    Job->>kubectl: stop port-forward (always)
  end

  rect rgba(180, 100, 70, 0.5)
    Note over Job,RapiDAST: OOBKube scan
    Job->>kubectl: apply BpfApplication CR
    Job->>kubectl: get operator pod IP → POD_IP
    Job->>RapiDAST: run with oobtkube-config.yaml + CR
    RapiDAST-->>Job: oobtkube SARIF report
  end

  Job->>Job: upload artifacts + write step summary

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Topology-Aware Scheduling Compatibility ⚠️ Warning The BpfApplication CR (.github/rapidast/bpfapplication-oobtkube-cr.yaml) includes a nodeSelector requiring node-role.kubernetes.io/worker, which assumes dedicated worker nodes and breaks on SNO, Tw... Remove or make optional the node-role.kubernetes.io/worker requirement; use empty nodeSelector {} to allow scheduling on all nodes, or check ControlPlaneTopology before applying topology-specific constraints.
✅ Passed checks (14 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The pull request title accurately describes the main change: adding a RapiDAST DAST scanning workflow to the project, which is directly supported by the workflow file and configuration additions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR adds only GitHub Actions workflow and YAML configuration files with no Ginkgo test files; check for Ginkgo test name stability is not applicable.
Test Structure And Quality ✅ Passed PR does not contain any Ginkgo test code; it adds only YAML configuration files, Kubernetes manifests, and a GitHub Actions workflow. The custom check is not applicable.
Microshift Test Compatibility ✅ Passed No Ginkgo e2e tests are added in this PR; all additions are workflow and configuration files (YAML). The check is not applicable.
Single Node Openshift (Sno) Test Compatibility ✅ Passed This PR adds GitHub Actions workflow and configuration files (not Ginkgo e2e tests). The check applies only to new Ginkgo test additions; no Go test files with It(), Describe(), Context(), or When(...
Ote Binary Stdout Contract ✅ Passed This PR adds only YAML configuration files and GitHub Actions workflow files. No Go code is modified, so the OTE Binary Stdout Contract check does not apply.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No Ginkgo e2e tests are added in this PR. The PR adds only GitHub Actions workflow files and YAML configuration/manifest files, not Go test code.
No-Weak-Crypto ✅ Passed No weak cryptographic algorithms (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or non-constant-time secret comparisons detected in the added files.
Container-Privileges ✅ Passed No privileged container settings found: no privileged: true, hostPID/hostNetwork/hostIPC, SYS_ADMIN, allowPrivilegeEscalation: true, securityContext, or root escalation in any manifests or workflow...
No-Sensitive-Data-In-Logs ✅ Passed No sensitive data (tokens, passwords, API keys, PII, or credentials) is logged. Service account token is properly masked with ::add-mask:: before output; pod names/IPs are operational metadata, not...


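The walkthrough above describes a step summary built with jq from the ZAP JSON alert counts and the oobtkube SARIF result counts, with fallback messages when a report is absent. The following added example is not the PR's workflow code; it is a stand-alone Python equivalent of that summary step which also adds a pass/fail gate that fails closed on a missing report, so a scanner that crashed is not hidden by continue-on-error. The report contents and file names (zap-report.json, oobtkube-result.sarif) are constructed samples laid out like ZAP's traditional JSON report and a SARIF 2.1.0 file, not output from this repository.

```python
"""Build the Markdown step summary and a pass/fail gate from RapiDAST output.

Added example, not the PR's jq-based step: reads a ZAP traditional JSON report
and an oobtkube SARIF file, counts findings, and falls back to a message when a
report is missing.  All sample data below is constructed for illustration.
"""
import json
import os
import tempfile

# ZAP's riskcode values: "3" High, "2" Medium, "1" Low, "0" Informational.
RISK_NAMES = {"3": "High", "2": "Medium", "1": "Low", "0": "Informational"}

SAMPLE_ZAP_REPORT = {  # constructed; mimics ZAP's traditional JSON layout
    "@version": "2.14.0",
    "site": [{
        "@name": "https://127.0.0.1:8443",
        "alerts": [
            {"name": "Strict-Transport-Security Header Not Set", "riskcode": "1"},
            {"name": "Server Leaks Version Information", "riskcode": "1"},
            {"name": "Content Security Policy Header Not Set", "riskcode": "2"},
            {"name": "Information Disclosure - Suspicious Comments", "riskcode": "0"},
        ],
    }],
}

SAMPLE_SARIF = {  # constructed SARIF 2.1.0 skeleton with no injection findings
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "oobtkube"}}, "results": []}],
}


def zap_alert_counts(report_path):
    """Count ZAP alerts per risk level across all sites; None if no report exists."""
    if not os.path.exists(report_path):
        return None
    with open(report_path, encoding="utf-8") as fh:
        report = json.load(fh)
    counts = {name: 0 for name in RISK_NAMES.values()}
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            counts[RISK_NAMES.get(str(alert.get("riskcode")), "Informational")] += 1
    return counts


def sarif_result_count(sarif_path):
    """Count SARIF results across all runs; None if no report exists."""
    if not os.path.exists(sarif_path):
        return None
    with open(sarif_path, encoding="utf-8") as fh:
        sarif = json.load(fh)
    return sum(len(run.get("results", [])) for run in sarif.get("runs", []))


def render_summary(zap_counts, injection_count):
    """Render the Markdown block destined for GITHUB_STEP_SUMMARY."""
    lines = ["## RapiDAST scan summary", ""]
    if zap_counts is None:
        lines.append("- ZAP: no report produced (scan failed or was skipped)")
    else:
        lines.append("- ZAP alerts: " + ", ".join(f"{k} {v}" for k, v in zap_counts.items()))
    if injection_count is None:
        lines.append("- oobtkube: no SARIF report produced (scan failed or was skipped)")
    else:
        lines.append(f"- oobtkube injection findings: {injection_count}")
    return "\n".join(lines) + "\n"


def scan_gate(zap_counts, injection_count):
    """True only when both reports exist, ZAP found no High alert and oobtkube found
    no injection.  A missing report fails closed so continue-on-error on the scan
    steps cannot turn a crashed scanner into a green job."""
    if zap_counts is None or injection_count is None:
        return False
    return zap_counts["High"] == 0 and injection_count == 0


def run_demo():
    """Write the constructed reports to a temp dir and evaluate both the normal
    path and the missing-report path.  Returns a dict for inspection."""
    with tempfile.TemporaryDirectory() as tmp:
        zap_path = os.path.join(tmp, "zap", "zap-report.json")            # assumed name
        sarif_path = os.path.join(tmp, "oobtkube", "oobtkube-result.sarif")  # assumed name
        for path, data in ((zap_path, SAMPLE_ZAP_REPORT), (sarif_path, SAMPLE_SARIF)):
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                json.dump(data, fh)
        zap_counts = zap_alert_counts(zap_path)
        injections = sarif_result_count(sarif_path)
        missing = zap_alert_counts(os.path.join(tmp, "zap", "absent.json"))
        return {
            "zap": zap_counts,
            "injections": injections,
            "summary": render_summary(zap_counts, injections),
            "gate": scan_gate(zap_counts, injections),
            "summary_missing": render_summary(missing, injections),
            "gate_missing": scan_gate(missing, injections),
        }


if __name__ == "__main__":
    result = run_demo()
    print(result["summary"])
    print("gate:", "pass" if result["gate"] else "fail")
```

In the workflow the returned Markdown would be appended to the file named by $GITHUB_STEP_SUMMARY, and the gate's result used to set the job's exit status in a final step that runs after the artifacts have been uploaded.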


openshift-ci Bot commented Jun 17, 2026


[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mpapadopoullos
Once this PR has been reviewed and has the lgtm label, please assign mffiedler for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


openshift-ci Bot commented Jun 17, 2026


Hi @mpapadopoullos. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jun 17, 2026

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/rapidast.yml (1)

8-180: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Add SAST/SCA coverage to this pipeline (or invoke an existing reusable job).

This workflow currently runs DAST only; there are no SAST/SCA steps in the pipeline definition.

As per coding guidelines, .github/workflows/**/*: "SAST/SCA steps in pipeline".

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rapidast.yml around lines 8 - 180, The rapidast-dast-scan
job currently only performs DAST scanning using RapiDAST but lacks SAST and SCA
coverage as required by coding guidelines. Add SAST (Static Application Security
Testing) and SCA (Software Composition Analysis) steps to the workflow by either
invoking an existing reusable job or by adding new steps that scan the codebase
for static vulnerabilities and dependency issues. These steps should be placed
alongside the existing DAST scanning steps in the job definition.

Source: Coding guidelines

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 22542bf0-bdff-4978-8d05-96246b058301

📥 Commits

Reviewing files that changed from the base of the PR and between 89199f4 and f5fa625.

📒 Files selected for processing (4)
  • .github/rapidast/bpfapplication-oobtkube-cr.yaml
  • .github/rapidast/oobtkube-config.yaml
  • .github/rapidast/zap-config.yaml
  • .github/workflows/rapidast.yml

Comment on lines +8 to +15
jobs:
rapidast-dast-scan:
name: RapiDAST Security Scan
runs-on: ubuntu-24.04
env:
BPFMAN_AGENT_IMG: quay.io/bpfman/bpfman-agent:int-test
BPFMAN_OPERATOR_IMG: quay.io/bpfman/bpfman-operator:int-test
steps:
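Review bot: a `permissions:` block fits here as a sibling of `name:`, `runs-on:` and `env:`, which scopes the token to this job alone; `contents: read` covers the checkout, and none of the visible steps (build and deploy to Kind, port-forward, the RapiDAST `docker run`, artifact upload) writes to the repository, so nothing broader is needed.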


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Define explicit least-privilege GITHUB_TOKEN permissions.

No permissions block is set, so token scopes default broader than necessary for this job.

Suggested hardening
 name: RapiDAST DAST Scan
 
 on:
   workflow_dispatch:
   schedule:
     - cron: "0 0 * * 0" # Sunday midnight UTC
 
+permissions:
+  contents: read
+
 jobs:
   rapidast-dast-scan:
     name: RapiDAST Security Scan
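Review bot: the suggested diff inserts `permissions:` at workflow level, while the prompt text for the same finding describes a job-level block beside `name`, `runs-on`, `env` and `steps`; both restrict the token, but the two should agree so whoever applies the fix adds one block, not both.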

As per coding guidelines, .github/workflows/**/*: "Least privilege: minimize GITHUB_TOKEN permissions".

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rapidast.yml around lines 8 - 15, The rapidast-dast-scan
job lacks an explicit permissions block, causing the GITHUB_TOKEN to have
default scopes that are broader than necessary. Add a permissions block at the
job level (as a sibling to the name, runs-on, env, and steps fields) that
explicitly defines only the minimal required permissions needed for the RapiDAST
Security Scan job to run. This ensures the GITHUB_TOKEN follows the principle of
least privilege by restricting access to only what is strictly necessary for
this workflow to function.

Source: Coding guidelines

Comment on lines +24 to +28
- name: Checkout bpfman-operator
uses: actions/checkout@v6
with:
fetch-depth: 0
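Review bot: `fetch-depth: 0` clones the full history, which is only needed if the image build derives a version from git tags; if it does not, the default shallow clone is quicker and leaves less on the runner. Either way the `with:` block should also set `persist-credentials: false`, since the checkout otherwise writes the token into `.git/config`, where every later step in the job can read it.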


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Disable checkout credential persistence.

actions/checkout currently persists credentials in local git config. This is avoidable token exposure in a multi-step job.

Suggested hardening
       - name: Checkout bpfman-operator
         uses: actions/checkout@v6
         with:
           fetch-depth: 0
+          persist-credentials: false
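Review bot: `persist-credentials: false` only affects later steps that run `git` against the remote with the checkout token; none of the steps described for this job (build, deploy to Kind, port-forward, RapiDAST `docker run`, artifact upload) does, so the change is safe to apply as-is.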

As per coding guidelines, .github/workflows/**/*: "Least privilege: minimize GITHUB_TOKEN permissions".

🧰 Tools
🪛 zizmor (1.25.2)

[warning] 24-27: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 25-25: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rapidast.yml around lines 24 - 28, The actions/checkout@v6
action in the "Checkout bpfman-operator" step is currently persisting
credentials in the local git config, which creates unnecessary token exposure.
Add the persist-credentials parameter set to false in the with block of the
checkout action to disable credential persistence and comply with the least
privilege principle for GITHUB_TOKEN permissions.

Sources: Coding guidelines, Linters/SAST tools

Comment on lines +25 to +26
uses: actions/checkout@v6
with:


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

fd -type f -name "rapidast.yml" .github/

Repository: openshift/bpfman-operator

Length of output: 240


🏁 Script executed:

fd -t f -name "rapidast.yml" .github/

Repository: openshift/bpfman-operator

Length of output: 300


🏁 Script executed:

fd "rapidast.yml" .github/

Repository: openshift/bpfman-operator

Length of output: 100


🏁 Script executed:

cat -n .github/workflows/rapidast.yml | head -150

Repository: openshift/bpfman-operator

Length of output: 6164


🏁 Script executed:

cat -n .github/workflows/rapidast.yml | tail -20

Repository: openshift/bpfman-operator

Length of output: 920


🏁 Script executed:

rg 'uses:' .github/workflows/rapidast.yml

Repository: openshift/bpfman-operator

Length of output: 281


Pin all GitHub Actions to full commit SHAs.

Lines 25, 30, 36, 44, 133, and 141 use mutable tags (@v5, @v6), which breaks immutability guarantees for the CI supply chain. Actions with mutable tags can be re-released with breaking or malicious changes without explicit consent.

Replace all action tags with full commit SHAs:

  • actions/checkout@v6 → actions/checkout@eace6... (current v6 SHA)
  • actions/setup-go@v6 → actions/setup-go@0c52d... (current v6 SHA)
  • actions/cache@v5 → actions/cache@0c45773... (current v5 SHA)
  • actions/upload-artifact@v6 → actions/upload-artifact@83fd05... (current v6 SHA)
🧰 Tools
🪛 zizmor (1.25.2)

[error] 25-25: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rapidast.yml around lines 25 - 26, Replace all mutable
GitHub Actions version tags with their corresponding full commit SHAs in the
rapidast.yml workflow file to ensure supply chain immutability. Update
actions/checkout from `@v6`, actions/setup-go from `@v6`, actions/cache from `@v5`,
and actions/upload-artifact from `@v6` by replacing each mutable tag with the full
commit SHA provided in the comment. This prevents these actions from being
re-released with breaking or malicious changes without explicit consent.

Sources: Coding guidelines, Linters/SAST tools
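The three workflow findings above (no permissions block, unpinned action tags, checkout without persist-credentials: false) are the kind of thing a repository can check for itself before a review bot does. The following added example is not the PR's code and not part of zizmor; it is a small standard-library Python lint that splits a workflow into steps and reports each of those three conditions, run here against two constructed fragments modelled on the lines under review. The 40-hex SHA in the hardened fragment is a placeholder, not the real commit of any action.

```python
"""Lint a GitHub Actions workflow for three hardening points: a permissions
block, SHA-pinned actions, and persist-credentials: false on actions/checkout.

Added example using only the standard library; the workflow fragments below are
constructed for illustration and are not this repository's files.
"""
import re

# A 'uses:' reference, with or without the leading '- ' of a step (re.M for ^).
USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*([^\s#]+)", re.M)
# A step begins at '- name:' or '- uses:'; everything up to the next one is its body.
STEP_START_RE = re.compile(r"^\s*-\s+(?:name|uses):")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

WEAK_WORKFLOW = """\
name: RapiDAST DAST Scan
on:
  workflow_dispatch:
jobs:
  rapidast-dast-scan:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout bpfman-operator
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Upload ZAP scan results
        if: always()
        uses: actions/upload-artifact@v6
        with:
          name: rapidast-zap-results
          path: /tmp/rapidast-results/zap/
"""

# Placeholder SHA (not any action's real commit): pin to the SHA you verified.
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"
HARDENED_WORKFLOW = f"""\
name: RapiDAST DAST Scan
on:
  workflow_dispatch:
permissions:
  contents: read
jobs:
  rapidast-dast-scan:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout bpfman-operator
        uses: actions/checkout@{PLACEHOLDER_SHA} # v6
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Upload ZAP scan results
        if: always()
        uses: actions/upload-artifact@{PLACEHOLDER_SHA} # v6
        with:
          name: rapidast-zap-results
          path: /tmp/rapidast-results/zap/
"""


def split_steps(text):
    """Group workflow lines into step bodies (one string per step)."""
    steps, current = [], None
    for line in text.splitlines():
        if STEP_START_RE.match(line):
            if current is not None:
                steps.append("\n".join(current))
            current = [line]
        elif current is not None:
            current.append(line)
    if current is not None:
        steps.append("\n".join(current))
    return steps


def lint_workflow(text):
    """Return a list of hardening findings for one workflow file's text."""
    findings = []
    if not re.search(r"^\s*permissions:", text, re.M):
        findings.append("no permissions block: GITHUB_TOKEN keeps its default scopes")
    for step in split_steps(text):
        match = USES_RE.search(step)
        if not match:
            continue  # a run: step has nothing to pin
        ref_spec = match.group(1)
        if ref_spec.startswith("./"):
            continue  # local action in this repository; no external pin needed
        action, _, ref = ref_spec.partition("@")
        if not SHA_RE.match(ref):
            findings.append(f"{ref_spec}: not pinned to a full commit SHA")
        if action == "actions/checkout" and not re.search(r"persist-credentials:\s*false\b", step):
            findings.append(f"{ref_spec}: persist-credentials is not set to false")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"[{label}] {len(lint_workflow(text))} finding(s)")
        for finding in lint_workflow(text):
            print("  -", finding)
```

The regex approach is deliberate: it needs no YAML dependency, but it only looks at the `uses:`, `permissions:` and `persist-credentials:` keys, so a `permissions:` key nested somewhere unusual would satisfy it; a full YAML parse would be stricter. Run as a pre-commit hook or a required status check, it keeps the pinning and least-privilege rules from regressing on the next workflow edit.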

Comment on lines +131 to +146
- name: Upload ZAP scan results
if: always()
uses: actions/upload-artifact@v6
with:
name: rapidast-zap-results
path: /tmp/rapidast-results/zap/
if-no-files-found: warn

- name: Upload oobtkube scan results
if: always()
uses: actions/upload-artifact@v6
with:
name: rapidast-oobtkube-results
path: /tmp/rapidast-results/oobtkube/
if-no-files-found: warn
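Review bot: `if-no-files-found: warn` on both uploads, combined with `continue-on-error: true` on the scan steps described in the PR, means a scanner that crashes before writing any report still ends in a green job with an empty artifact. Set `if-no-files-found: error` here, or add a final step without `continue-on-error` that fails when either results directory is empty, so a broken scan is noticed rather than silently skipped.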


⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Sign scan artifacts before upload (Sigstore/cosign).

Artifacts are uploaded unsigned, so downstream consumers cannot verify provenance/integrity.

As per coding guidelines, .github/workflows/**/*: "Sign artifacts with Sigstore/cosign".

🧰 Tools
🪛 zizmor (1.25.2)

[error] 133-133: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[error] 141-141: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rapidast.yml around lines 131 - 146, The "Upload ZAP scan
results" and "Upload oobtkube scan results" steps are uploading artifacts
without signing them, making it impossible for downstream consumers to verify
provenance and integrity. Add a signing step before each upload-artifact action
that uses Sigstore/cosign to sign the artifacts from /tmp/rapidast-results/zap/
and /tmp/rapidast-results/oobtkube/ respectively, then configure the
upload-artifact actions to include the generated signatures. This ensures
artifacts can be verified by consumers.

Source: Coding guidelines

@frobware


/ok-to-test

@openshift-ci openshift-ci Bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jun 17, 2026