On 6/25/21 10:04 AM, Daniel Gruno wrote:
> On 25/06/2021 09.23, Ruediger Pluem wrote:
>> I would like to leverage the "security features" of GitHub like Dependabot
>> alerts and Code scanning alerts.
>>
>> First question: Do we want this? Does anyone object?
>>
>> Second question: Is this possible with our GitHub setup? I known that this
>> question might be better suited for the infra list, but
>> OTOH I know that some infra guys are here as well.
>> While Dependabot seems to be only a matter of activating which might be easy
>> I understand that The Code scanning alerts run as
>> GitHub actions and I am not sure if we can use GitHub actions or what the
>> limits are as for the CI stuff we use Travis.
>>
>> Regards
>>
>> Rüdiger
>>
>
> Dependabot unfortunately is not a viable option, as that would start leaking
> potential issues into public space due to how our and
> their infra works.
>
This is a pity. What about the Code scanning alerts that require Github actions?
Regards
Rüdiger