Hi,

Nice one, Colm! Thanks!

On Thu, Feb 3, 2022 at 6:26 PM Claus Ibsen <claus.ib...@gmail.com> wrote:
> Hi
>
> This is good to see, you also get a "found X vulnerabilities" when you
> push commits to branches.
>

Oh, this is really cool.

> And btw. there is also the sonarcloud reports or what the name was
> that Otavio helped enable.
>
> I assume we have a page in the docs where we can have links to those
> various online reporting tools.
>

Yes. I added a section about automated code analysis on the contribution
guide [1] which has a link to our SonarCloud instance [2] (it's a pity we
cannot have - yet - automated code analysis on the PRs ... but I don't
want to go off-topic here). I think we could add a note about the
automated analysis of security vulnerabilities there too.

1. https://camel.apache.org/community/contributing/#automated-code-analysis
2. https://sonarcloud.io/project/overview?id=apache_camel

Kind regards

> On Thu, Feb 3, 2022 at 1:02 PM Colm O hEigeartaigh <cohei...@apache.org>
> wrote:
> >
> > Hi,
> >
> > I've worked with INFRA to enable GitHub dependabot alerts for various
> > Apache projects. The idea is that the GitHub committers for a given
> > project can have access to the page on GitHub (for example for CXF:
> > https://github.com/apache/cxf/security/dependabot) which shows the
> > list of dependencies for the project with known CVEs.
> >
> > I plan to do the same for Camel on these repos:
> >
> > https://github.com/apache/camel
> > https://github.com/apache/camel-karaf
> > https://github.com/apache/camel-quarkus
> > https://github.com/apache/camel-spring-boot
> >
> > Any objections or anything I'm missing? If not I'll proceed with
> > enabling it.
> >
> > Colm.
> >
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2

--
Otavio R. Piske
http://orpiske.net