Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dependency security checks in CI #1488

Closed
micahellison opened this issue May 24, 2022 · 1 comment · Fixed by #1575
Closed

Add dependency security checks in CI #1488

micahellison opened this issue May 24, 2022 · 1 comment · Fixed by #1575
Labels
build Issues related to the build pipeline enhancement New feature or request
Milestone
Backlog

Comments

@micahellison
Copy link
Member

I was just reading this excellent report on the recent malicious takeover of the ctx project and it has me thinking that we might benefit from some automated security checks in our GitHub Actions. The report specifically mentions Safety and pip-audit. Both of them look like they would play well within GH Actions.
@micahellison micahellison added enhancement New feature or request 🆕 New! build Issues related to the build pipeline labels May 24, 2022
@micahellison
Copy link
Member Author

Looks like GitHub's code scanning is worth looking into also.

@micahellison micahellison removed the 🆕 New! label May 28, 2022
@micahellison micahellison added this to the Backlog milestone May 28, 2022
@wren wren mentioned this issue Sep 3, 2022
Merged
@micahellison micahellison linked a pull request Sep 3, 2022 that will close this issue
Replace Dependabot with Renovate #1575
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
build Issues related to the build pipeline enhancement New feature or request
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

Replace Dependabot with Renovate jrnl-org/jrnl
1 participant
@micahellison