Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Try out dependency review GHA workflow #358

Open
jmbowman opened this issue Jul 14, 2023 · 0 comments
Open

Try out dependency review GHA workflow #358

jmbowman opened this issue Jul 14, 2023 · 0 comments
Assignees
@zubairshakoorarbisoft

Comments

@jmbowman
Copy link

GitHub has created a GitHub Action for dependency change reviews; here is further documentation for it. This looks like it could help us avoid some types of problems with software license incompatibility and security vulnerabilities with minimal effort. Try it out on one repository owned by Arbi-BOM (maybe api-doc-tools?) as an experiment to determine if we want to use it more broadly.

A/C:

  • A workflow and configuration file are added to the chosen repo to run the dependency review check on all new PRs. Adding to an existing workflow instead of creating a new one is fine if that's simpler and has negligible impact on CI duration.
  • A PR created to add a dependency with an inappropriate license fails the new check.
  • A PR created to add a dependency with a known security vulnerability fails the new check.
@github-project-automation github-project-automation bot moved this to In Progress in Arbi-BOM Jul 14, 2023
@jmbowman jmbowman removed the status in Arbi-BOM Jul 14, 2023
@jmbowman jmbowman mentioned this issue Jul 17, 2023
Open
@iamsobanjaved iamsobanjaved moved this to Backlog in Arbi-BOM Sep 21, 2023
@iamsobanjaved iamsobanjaved moved this from Backlog to Todo in Arbi-BOM Dec 20, 2023
@zubairshakoorarbisoft zubairshakoorarbisoft self-assigned this Jan 15, 2024
@zubairshakoorarbisoft zubairshakoorarbisoft moved this from Todo to In Progress in Arbi-BOM Jan 15, 2024
Open
@iamsobanjaved iamsobanjaved moved this from In Progress to Author Team Review in Arbi-BOM Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zubairshakoorarbisoft zubairshakoorarbisoft

Labels
None yet
Projects
Arbi-BOM
Status: Author Team Review
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jmbowman @zubairshakoorarbisoft