Re: Security features of Github

2021-06-25 Thread Ruediger Pluem



On 6/25/21 10:04 AM, Daniel Gruno wrote:
> On 25/06/2021 09.23, Ruediger Pluem wrote:
>> I would like to leverage the "security features" of GitHub like Dependabot 
>> alerts and Code scanning alerts.
>>
>> First question: Do we want this? Does anyone object?
>>
>> Second question: Is this possible with our GitHub setup? I known that this 
>> question might be better suited for the infra list, but
>> OTOH I know that some infra guys are here as well.
>> While Dependabot seems to be only a matter of activating which might be easy 
>> I understand that The Code scanning alerts run as
>> GitHub actions and I am not sure if we can use GitHub actions or what the 
>> limits are as for the CI stuff we use Travis.
>>
>> Regards
>>
>> Rüdiger
>>
> 
> Dependabot unfortunately is not a viable option, as that would start leaking 
> potential issues into public space due to how our and
> their infra works.
> 

This is a pity. What about the Code scanning alerts that require Github actions?

Regards

Rüdiger


Re: Security features of Github

2021-06-25 Thread Daniel Gruno

On 25/06/2021 09.23, Ruediger Pluem wrote:

I would like to leverage the "security features" of GitHub like Dependabot 
alerts and Code scanning alerts.

First question: Do we want this? Does anyone object?

Second question: Is this possible with our GitHub setup? I known that this 
question might be better suited for the infra list, but
OTOH I know that some infra guys are here as well.
While Dependabot seems to be only a matter of activating which might be easy I 
understand that The Code scanning alerts run as
GitHub actions and I am not sure if we can use GitHub actions or what the 
limits are as for the CI stuff we use Travis.

Regards

Rüdiger



Dependabot unfortunately is not a viable option, as that would start 
leaking potential issues into public space due to how our and their 
infra works.