Yes exactly, you can't see the CXF alerts (actually they are all
fixed) because you aren't a committer there.

Colm.

On Thu, Feb 3, 2022 at 1:31 PM Otavio Rodolfo Piske
<[email protected]> wrote:
>
> Hi,
>
> Thanks for looking into this!
>
> +1 from me. I also couldn't see the ones from CXF, but I presume we should 
> expect to see a report like this [1], right?
>
> 1. https://nftb.saturdaymp.com/today-i-learned-about-githubs-dependabot/
>
> On Thu, Feb 3, 2022 at 1:31 PM Zoran Regvart <[email protected]> wrote:
>>
>> Hi, Colm
>>
>> On Thu, Feb 3, 2022 at 1:02 PM Colm O hEigeartaigh <[email protected]> wrote:
>> >
>> > Hi,
>> >
>> > I've worked with INFRA to enable GitHub dependabot alerts for various
>> > Apache projects. The idea is that the GitHub committers for a given
>> > project can have access to the page on GitHub (for example for CXF:
>> > https://github.com/apache/cxf/security/dependabot) which shows the
>> > list of dependencies for the project with known CVEs.
>> >
>> > I plan to do the same for Camel on these repos:
>> >
>> > https://github.com/apache/camel
>> > https://github.com/apache/camel-karaf
>> > https://github.com/apache/camel-quarkus
>> > https://github.com/apache/camel-spring-boot
>> >
>> > Any objections or anything I'm missing? If not I'll proceed with enabling it.
>>
>> +1 from me, thanks Colm for looking into it, I keep seeing those on
>> push, but I can't access the /security/dependabot page so this will be
>> very helpful.
>>
>> zoran
>> --
>> Zoran Regvart
>
>
>
> --
> Otavio R. Piske
> http://orpiske.net
