Check vulnerabilities in CI #1037

Closed
1 task done
jpraynaud opened this issue Jul 6, 2023 · 0 comments · Fixed by #1043
Labels
CI/CD 🏭 CI/CD D-easy Difficulty: easy idea 💡 Something to discuss and refine optimization 🛠️ Optimization and/or small enhancements

jpraynaud commented Jul 6, 2023

Issue

When security vulnerabilities are identified by a dependabot alert in the repository, we usually create a PR that updates dependencies, but we don't check before it is merged if it fixes the vulnerability.

To do

  • Implement a new job in the CI that runs the vulnerability detection of the branch (see this GitHub action)