Thanks, Gio. During testing, I had initially added my own forks of various gpii-* repos to the GPII dashboard. I have removed as many as I can. There appears to be some kind of delay before deleted projects are actually removed; I will check back tomorrow to confirm the last two remaining are gone.

Cheers,

Tony

On Wed, Apr 12, 2017 at 5:45 PM, Tirloni, Giovanni <[email protected]> wrote:

> I haven't received any objections to Snyk so I'm proceeding by lazy consensus rules.
>
> Snyk has been activated for the GPII repositories.
>
> On 04/06/2017 09:49 AM, Tirloni, Giovanni wrote:
> > Thanks, Tony!
> >
> > I've cross-posted this to fluid-work as I believe it'll also be a tool for Fluid.
> >
> > Here's my email to fluid-work, the same applies to GPII (re: org creation in Snyk):
> >
> > ----
> > Hello,
> >
> > There was a discussion in the GPII Architecture mailing list that started in Oct 2015 when snyk.io was released and I believe it would be beneficial to adopt it for Fluid repositories.
> >
> > Here are the relevant threads:
> >
> > http://lists.gpii.net/pipermail/architecture/2015-November/thread.html
> > http://lists.gpii.net/pipermail/architecture/2017-April/thread.html
> >
> > And here's more information about Snyk:
> >
> > https://snyk.io/docs/faqs/
> > https://snyk.io/plans
> >
> > I took the liberty of creating a "Fluid Project" organization in Snyk and invited the Fluid Project's GitHub administrators to it (as I don't have permission to add repositories).
> >
> > Enabling Snyk for a repository means:
> >
> > * A WebHook will get added to notify snyk.io of new PRs and commits
> > * A notification will be added to new PRs to identify if they introduce security vulnerabilities (within snyk's scope)
> > * The repository will be constantly monitored for new vulnerabilities
> >
> > To clarify, Snyk is not a static code analyzer. It simply inspects dependencies that have known vulnerabilities.
> >
> > If there is consensus on adopting this tool, I would like to request that someone with admin privileges to the Fluid Project in GitHub access Snyk.io and add the repositories.
> >
> > Regards,
> > Giovanni
> > ----
> >
> > On 04/06/2017 04:50 AM, Tony Atkins wrote:
> >> Hi, Giovanni.
> >>
> >> Personally I would be happy to have this for every repo and PR. Even though many of us regularly run "npm outdated" (or "yarn outdated") and test our work with newer libraries, having a report on known bad versions gives us a consistent "trailing edge". By that I mean that if we haven't managed to otherwise update our dependencies when snyk identifies a problem, we have a good reason to take a moment and review.
> >>
> >> Anyway, +1 from me.
> >>
> >> Cheers,
> >>
> >> Tony
> >>
> >> On Wed, Apr 5, 2017 at 6:20 PM, Tirloni, Giovanni <[email protected]> wrote:
> >>
> >>     Snyk can monitor repositories and test new PRs for vulnerable packages.
> >>
> >>     Is there interest in having this tool automatically monitoring our repositories? It's free for open source projects.
> >>
> >>     https://snyk.io/docs/github
> >>
> >>     On 10/29/2015 02:29 PM, Steve Lee wrote:
> >>     > https://snyk.io/
> >>     >
> >>     > Steve Lee
> >>     > OpenDirective http://opendirective.com
> >>     > _______________________________________________
> >>     > Architecture mailing list
> >>     > [email protected]
> >>     > http://lists.gpii.net/mailman/listinfo/architecture

_______________________________________________
Architecture mailing list
[email protected]
http://lists.gpii.net/mailman/listinfo/architecture
