Hello,
I'll have a look this week
On Wed, Dec 8, 2021, 09:42 Claus Ibsen wrote:
> Hi
>
> We could add our advisories to
> https://github.com/apache/camel/security/advisories
>
> I am not sure how to do that - is it potentially just to drop a file
> with a special name in the root or
According to the docs, advisories is a subsection inside the security section of
the project.
https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory
It is intended to be like a closed room for discussing vulnerabilities by
admins of the project.
No files are needed to
Hi
I wonder if we should set up code scanning on GitHub for Apache Camel
https://github.com/apache/camel/security/code-scanning
And in such a case, which one? Should we go with the one from GitHub
(CodeQL Analysis)?
--
Claus Ibsen
-
http://davsclaus.com @davsclaus
Camel in Action
Hi
We could add our advisories to
https://github.com/apache/camel/security/advisories
I am not sure how to do that - is it potentially just to drop a file
with a special name in the root or something?
Or list is at
https://camel.apache.org/security/
--
Claus Ibsen
-
Hi Claus,
On Wed, Dec 8, 2021 at 9:42 AM Claus Ibsen wrote:
> We could add our advisories to
> https://github.com/apache/camel/security/advisories
>
> I am not sure how to do that - is it potentially just to drop a file
> with a special name in the root or something?
I don't think we (PMC,
BTW, it seems that Apache has a SonarCloud account [1] [2].
SonarCloud/SonarQube is not listed there, but it does seem to be available
[3]. So, maybe that's something to consider as well.
1. https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis
2.
Claus, I think that it would be helpful, and I volunteer to help with anything
that is needed.
Given the size and complexity of our code base, issues may pass through -
even with the attentive eyes of the community. So, for me, it's a big +1.
Kind regards
On Wed, Dec 8, 2021 at 9:39 AM Claus Ibsen