https://issues.apache.org/jira/browse/INFRA-22830
Colm.

On Thu, Feb 3, 2022 at 2:06 PM Colm O hEigeartaigh <cohei...@apache.org> wrote:
>
> Yes exactly, you can't see the CXF alerts (actually they are all
> fixed) because you aren't a committer there.
>
> Colm.
>
> On Thu, Feb 3, 2022 at 1:31 PM Otavio Rodolfo Piske
> <angusyo...@gmail.com> wrote:
> >
> > Hi,
> >
> > Thanks for looking into this!
> >
> > +1 from me. I also couldn't see the ones from CXF, but I presume we should
> > expect to see a report like this [1], right?
> >
> > 1. https://nftb.saturdaymp.com/today-i-learned-about-githubs-dependabot/
> >
> > On Thu, Feb 3, 2022 at 1:31 PM Zoran Regvart <zo...@regvart.com> wrote:
> >>
> >> Hi, Colm
> >>
> >> On Thu, Feb 3, 2022 at 1:02 PM Colm O hEigeartaigh <cohei...@apache.org>
> >> wrote:
> >> >
> >> > Hi,
> >> >
> >> > I've worked with INFRA to enable GitHub dependabot alerts for various
> >> > Apache projects. The idea is that the GitHub committers for a given
> >> > project can have access to the page on GitHub (for example for CXF:
> >> > https://github.com/apache/cxf/security/dependabot) which shows the
> >> > list of dependencies for the project with known CVEs.
> >> >
> >> > I plan to do the same for Camel on these repos:
> >> >
> >> > https://github.com/apache/camel
> >> > https://github.com/apache/camel-karaf
> >> > https://github.com/apache/camel-quarkus
> >> > https://github.com/apache/camel-spring-boot
> >> >
> >> > Any objections or anything I'm missing? If not I'll proceed with
> >> > enabling it.
> >>
> >> +1 from me, thanks Colm for looking into it, I keep seeing those on
> >> push, but I can't access the /security/dependabot page so this will be
> >> very helpful.
> >>
> >> zoran
> >> --
> >> Zoran Regvart
> >
> >
> >
> > --
> > Otavio R. Piske
> > http://orpiske.net