Add TLS certificate bundle support for self-signed certificates#3
Merged
- Fix bug in list_secret_scanning_alerts.py (undefined variable)
- Add --ca-cert-bundle and --no-verify-tls options to all scripts
- Update GitHub class instantiation to pass verify parameter
- Update all helper functions to accept and propagate verify parameter
- Update test to include new arguments

Co-authored-by: aegilops <41705651+aegilops@users.noreply.github.com>
- Test default verify=True behavior
- Test verify=False behavior for insecure connections
- Test custom certificate bundle path
- Test token requirement validation
- Test hostname validation

Co-authored-by: aegilops <41705651+aegilops@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Refactor Python scripts for custom TLS root support" to "Add TLS certificate bundle support for self-signed certificates" on Nov 17, 2025
…scripts into copilot/refactor-tls-support-in-scripts
Contributor
@copilot Please update the PR with the changes to the README.md, updating the
- Add --ca-cert-bundle and --no-verify-tls to list_code_scanning_alerts.py help
- Add --ca-cert-bundle and --no-verify-tls to replay_code_scanning_alert_status.py help
- Add --ca-cert-bundle and --no-verify-tls to replay_secret_scanning_result_status.py help
- Add --ca-cert-bundle and --no-verify-tls to resolve_duplicate_secret_scanning_alerts.py help
- Add --hostname, --ca-cert-bundle and --no-verify-tls to close_code_scanning_alerts.py help

Co-authored-by: aegilops <41705651+aegilops@users.noreply.github.com>
Contributor
Author
Updated in commit fb427aa. All script help texts in the README now include the new
The
aegilops
approved these changes
Nov 17, 2025
Summary: TLS Certificate Bundle Support Implementation ✅
This PR successfully adds support for custom TLS root certificates and self-signed certificates to all Python scripts in the repository.
Changes Made
Bug Fixes
- list_secret_scanning_alerts.py (line 378: ca_cert_bundle → args.ca_cert_bundle)
New Features - All 6 Scripts Updated
- list_code_scanning_alerts.py
- list_secret_scanning_alerts.py
- close_code_scanning_alerts.py
- replay_code_scanning_alert_status.py
- replay_secret_scanning_result_status.py
- resolve_duplicate_secret_scanning_alerts.py
New CLI Arguments:
- --ca-cert-bundle / -C: Path to CA certificate bundle in PEM format
- --no-verify-tls: Disable TLS verification (with security warning)
Implementation:
- verify parameter
- verify parameter through all helper functions
- --no-verify-tls
Documentation
Testing Results ✅
Technical Implementation
The solution leverages Python's requests library native support:
Usage Example
Files Changed
Security Summary
✅ No security vulnerabilities introduced
✅ CodeQL analysis passed with 0 alerts
✅ Appropriate security warnings when TLS verification is disabled
✅ Follows Python security best practices for certificate handling
Created from VS Code via the GitHub Pull Request extension.
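An added example, not code from this PR or its repository: one way to map the two options described above onto the `verify` value that `requests` accepts (`True`, `False`, or a CA bundle path). The mutually exclusive flag group, the early bundle check with the standard `ssl` module, and the names `build_parser`, `resolve_verify` and `LOG` are assumptions made for illustration.

```python
import argparse
import logging
import ssl

LOG = logging.getLogger("tls-options")  # hypothetical logger name


def build_parser() -> argparse.ArgumentParser:
    """CLI carrying the two TLS options named in the PR description."""
    parser = argparse.ArgumentParser(description="constructed example CLI")
    # Assumption: the two flags are treated as conflicting, so an explicit
    # trust anchor can never be silently overridden by "no verification".
    tls = parser.add_mutually_exclusive_group()
    tls.add_argument("--ca-cert-bundle", "-C", metavar="PEM_FILE",
                     help="path to a CA certificate bundle in PEM format")
    tls.add_argument("--no-verify-tls", action="store_true",
                     help="disable TLS verification (insecure)")
    return parser


def resolve_verify(args: argparse.Namespace):
    """Return the value to pass as requests' `verify` argument:
    True (default trust store), False (no verification) or a bundle path."""
    if args.no_verify_tls:
        LOG.warning("TLS verification disabled: the server's identity is not "
                    "checked, so the API token and results can be intercepted")
        return False
    if args.ca_cert_bundle is None:
        return True
    # Fail early with a clear message instead of a TLS error on the first
    # API call: the file must exist and hold at least one PEM certificate.
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=args.ca_cert_bundle)
    except OSError as exc:  # covers FileNotFoundError and ssl.SSLError
        raise ValueError(
            f"unusable CA bundle {args.ca_cert_bundle!r}: {exc}") from exc
    return args.ca_cert_bundle


if __name__ == "__main__":
    options = build_parser().parse_args()
    verify = resolve_verify(options)
    # The result is then handed on, e.g. requests.get(url, verify=verify).
    print(f"verify={verify!r}")
```

Pointing `--ca-cert-bundle` at the internal CA's PEM file keeps certificate and hostname checks active for a self-signed deployment, which `--no-verify-tls` does not.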