On 25/06/2021 09.23, Ruediger Pluem wrote:
I would like to leverage the "security features" of GitHub like Dependabot
alerts and Code scanning alerts.
First question: Do we want this? Does anyone object?
Second question: Is this possible with our GitHub setup? I know that this
question might be better suited for the infra list, but
OTOH I know that some infra guys are here as well.
While Dependabot seems to be only a matter of activating, which might be easy, I
understand that the Code scanning alerts run as
GitHub actions and I am not sure if we can use GitHub actions or what the
limits are, as for the CI stuff we use Travis.
Regards
Rüdiger
Dependabot unfortunately is not a viable option, as that would start
leaking potential issues into public space due to how our and their
infra works.