That was fast; I am already able to see the Camel page: https://github.com/apache/camel/security/dependabot

Thanks Colm.

On 03/02/2022 15:07, Colm O hEigeartaigh wrote:
https://issues.apache.org/jira/browse/INFRA-22830

Colm.

On Thu, Feb 3, 2022 at 2:06 PM Colm O hEigeartaigh <[email protected]> wrote:

Yes exactly, you can't see the CXF alerts (actually they are all
fixed) because you aren't a committer there.

Colm.

On Thu, Feb 3, 2022 at 1:31 PM Otavio Rodolfo Piske
<[email protected]> wrote:

Hi,

Thanks for looking into this!

+1 from me. I also couldn't see the ones from CXF, but I presume we should 
expect to see a report like this [1], right?

1. https://nftb.saturdaymp.com/today-i-learned-about-githubs-dependabot/

On Thu, Feb 3, 2022 at 1:31 PM Zoran Regvart <[email protected]> wrote:

Hi, Colm

On Thu, Feb 3, 2022 at 1:02 PM Colm O hEigeartaigh <[email protected]> wrote:

Hi,

I've worked with INFRA to enable GitHub Dependabot alerts for various
Apache projects. The idea is that the GitHub committers for a given
project can have access to the page on GitHub (for example for CXF:
https://github.com/apache/cxf/security/dependabot) which shows the
list of dependencies for the project with known CVEs.

I plan to do the same for Camel on these repos:

https://github.com/apache/camel
https://github.com/apache/camel-karaf
https://github.com/apache/camel-quarkus
https://github.com/apache/camel-spring-boot

Any objections or anything I'm missing? If not I'll proceed with enabling it.

+1 from me, thanks Colm for looking into it, I keep seeing those on
push, but I can't access the /security/dependabot page so this will be
very helpful.

zoran
--
Zoran Regvart



--
Otavio R. Piske
http://orpiske.net
