Thanks Robert, I think this is important. I think this is a good first step. 

In future I think we should consider adding a CI job to ensure that 
pre-existing security errors are addressed. Perhaps GitHub code scanning is 
worth investigating since they have acquired the LGTM product.

Anthony


> On Dec 16, 2021, at 10:08 AM, Robert Houghton <rhough...@vmware.com> wrote:
> 
> We have had LGTM tests enabled on Apache Geode PRs for quite some time, and 
> have done a great job of trending those warnings and errors in the right 
> direction. I would like to make the change to our GitHub to make those 
> changes blocking for all new PRs, given their reliability and 
> lack-of-flakiness.
> 
> Does anyone have strong feelings against that?
> 
> -Robert Houghton
