Hi

This is good to see, you also get a "found X vulnerabilities" when you push commits to branches.

And btw, there are also the SonarCloud reports, or whatever the name was, that Otavio helped enable. I assume we have a page in the docs where we can have links to those various online reporting tools.

On Thu, Feb 3, 2022 at 1:02 PM Colm O hEigeartaigh <cohei...@apache.org> wrote:
>
> Hi,
>
> I've worked with INFRA to enable GitHub dependabot alerts for various
> Apache projects. The idea is that the GitHub committers for a given
> project can have access to the page on GitHub (for example for CXF:
> https://github.com/apache/cxf/security/dependabot) which shows the
> list of dependencies for the project with known CVEs.
>
> I plan to do the same for Camel on these repos:
>
> https://github.com/apache/camel
> https://github.com/apache/camel-karaf
> https://github.com/apache/camel-quarkus
> https://github.com/apache/camel-spring-boot
>
> Any objections or anything I'm missing? If not I'll proceed with enabling it.
>
> Colm.

--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2