Add vulnerability scanning for Golang Dependencies via GitHub actions #151

Open
vharsh opened this issue Mar 5, 2022 · 0 comments
Labels
CI good first issue Good for newcomers sodacode2022 SODALOW Easy issues for sodacode22

vharsh commented Mar 5, 2022

It's said that one cannot build a great building on a weak foundation. Well, the same applies to writing software: it's turtles all the way down to the zeros and ones, and turtles down even below that.

Evaluate tools which can share details

  • about code & dependency vulnerabilities (Snyk does it nicely per my knowledge)
  • good-to-upgrade dependencies (Dependabot does it nicely per my knowledge; I believe this is already included via GitHub w/o configuration these days)

Put your findings in the comments and raise a PR for it.

PS: I'll create a relevant secret token with a specific environment key after a PR is raised and add that app to this repository. Do reach out to us at https://slack.k8s.io in #openebs-dev & #openebs for further queries.

@vharsh vharsh added good first issue Good for newcomers sodacode2022 SODALOW Easy issues for sodacode22 CI labels Mar 5, 2022