Hi, All. Can someone with permission to administer GPII repos check the repo settings for GPII/gpii-handlebars and GPII/gpii-pouchdb? They show up in the "CI/CLI" category on snyk, and I can't see any obvious differences between those and a repo like GPII/gpii-express, which shows up in the correct category.
Cheers,

Tony

On Thu, Apr 13, 2017 at 9:22 AM, Tony Atkins <[email protected]> wrote:

> Thanks, Gio.
>
> During testing, I had initially added my own forks of various gpii-* repos to the GPII dashboard. I have removed as many as I can. There appears to be some kind of delay before deleted projects are actually removed; I will check back tomorrow to confirm the last two remaining are gone.
>
> Cheers,
>
> Tony
>
> On Wed, Apr 12, 2017 at 5:45 PM, Tirloni, Giovanni <[email protected]> wrote:
>
>> I haven't received any objections to Snyk so I'm proceeding by lazy consensus rules.
>>
>> Snyk has been activated for the GPII repositories.
>>
>> On 04/06/2017 09:49 AM, Tirloni, Giovanni wrote:
>> > Thanks, Tony!
>> >
>> > I've cross-posted this to fluid-work as I believe it'll also be a tool for Fluid.
>> >
>> > Here's my email to fluid-work, the same applies to GPII (re: org creation in Snyk):
>> >
>> > ----
>> > Hello,
>> >
>> > There was a discussion in the GPII Architecture mailing list that started in Oct 2015 when snyk.io was released and I believe it would be beneficial to adopt it for Fluid repositories.
>> >
>> > Here are the relevant threads:
>> >
>> > http://lists.gpii.net/pipermail/architecture/2015-November/thread.html
>> > http://lists.gpii.net/pipermail/architecture/2017-April/thread.html
>> >
>> > And here's more information about Snyk:
>> >
>> > https://snyk.io/docs/faqs/
>> > https://snyk.io/plans
>> >
>> > I took the liberty of creating a "Fluid Project" organization in Snyk and invited the Fluid Project's GitHub administrators to it (as I don't have permission to add repositories).
>> >
>> > Enabling Snyk for a repository means:
>> >
>> > * A WebHook will get added to notify snyk.io of new PRs and commits
>> > * A notification will be added to new PRs to identify if they introduce security vulnerabilities (within snyk's scope)
>> > * The repository will be constantly monitored for new vulnerabilities
>> >
>> > To clarify, Snyk is not a static code analyzer. It simply inspects dependencies that have known vulnerabilities.
>> >
>> > If there is consensus on adopting this tool, I would like to request that someone with admin privileges to the Fluid Project in GitHub access Snyk.io and add the repositories.
>> >
>> > Regards,
>> > Giovanni
>> > ----
>> >
>> > On 04/06/2017 04:50 AM, Tony Atkins wrote:
>> >> Hi, Giovanni.
>> >>
>> >> Personally I would be happy to have this for every repo and PR. Even though many of us regularly run "npm outdated" (or "yarn outdated") and test our work with newer libraries, having a report on known bad versions gives us a consistent "trailing edge". By that I mean that if we haven't managed to otherwise update our dependencies when snyk identifies a problem, we have a good reason to take a moment and review.
>> >>
>> >> Anyway, +1 from me.
>> >>
>> >> Cheers,
>> >>
>> >> Tony
>> >>
>> >> On Wed, Apr 5, 2017 at 6:20 PM, Tirloni, Giovanni <[email protected]> wrote:
>> >>
>> >>     Snyk can monitor repositories and test new PRs for vulnerable packages.
>> >>
>> >>     Is there interest in having this tool automatically monitoring our repositories? It's free for open source projects.
>> >>
>> >>     https://snyk.io/docs/github
>> >>
>> >>     On 10/29/2015 02:29 PM, Steve Lee wrote:
>> >>     > https://snyk.io/
>> >>     >
>> >>     > Steve Lee
>> >>     > OpenDirective http://opendirective.com
>> >>     > _______________________________________________
>> >>     > Architecture mailing list
>> >>     > [email protected]
>> >>     > http://lists.gpii.net/mailman/listinfo/architecture
_______________________________________________
Architecture mailing list
[email protected]
http://lists.gpii.net/mailman/listinfo/architecture
