
Add dependency review workflow and config #737

Merged
merged 2 commits into nginxinc:main from the chore/dependency-review branch
Jun 12, 2023

Conversation

lucacome (Member)

@lucacome lucacome commented Jun 9, 2023

Proposed changes

This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR.

Once installed, PRs introducing known-vulnerable packages or dependencies not in the allow list will be blocked from merging.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

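A workflow and policy file of the kind this PR describes, written here as an added illustration; it is not the content merged in commit 0c74bd1, which the page does not show. The file paths, action version, severity threshold and license allow list are assumptions.

```yaml
# .github/workflows/dependency-review.yml  (assumed path)
name: Dependency Review

# The action diffs dependency manifests between the PR base and head,
# so it only makes sense on pull_request events.
on:
  pull_request:
    branches:
      - main

# Least privilege: reading the repository is all the check needs.
permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Dependency Review
        uses: actions/dependency-review-action@v3
        with:
          # Policy is kept in its own file so changes to it are reviewed
          # separately from changes to the workflow itself.
          config-file: ./.github/dependency-review-config.yml
---
# .github/dependency-review-config.yml  (assumed path and values)
# Fail the check when a package added or updated by the PR carries a
# known advisory at this severity or above (low | moderate | high | critical).
fail-on-severity: moderate

# Allow list: a new or updated dependency must be under one of these
# licenses, otherwise the check fails and the PR cannot be merged.
allow-licenses:
  - MIT
  - Apache-2.0
  - BSD-2-Clause
  - BSD-3-Clause
  - ISC
```

With branch protection requiring this check, a PR that bumps a manifest to a version with a matching advisory, or that pulls in a package outside the license allow list, is blocked until the dependency is changed or the policy is deliberately relaxed in a reviewed config change.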
@lucacome lucacome requested a review from a team as a code owner June 9, 2023 22:00
@lucacome lucacome self-assigned this Jun 9, 2023
@github-actions github-actions bot added the chore Pull requests for routine tasks label Jun 9, 2023
@lucacome lucacome enabled auto-merge (squash) June 12, 2023 23:05
@lucacome lucacome merged commit 0c74bd1 into nginxinc:main Jun 12, 2023
13 checks passed
@lucacome lucacome deleted the chore/dependency-review branch June 12, 2023 23:16