[Feedhenry-raincatcher] Snyk integration on the generated repos.
Wojciech Trocki
wtrocki at redhat.com
Thu Oct 12 10:39:28 UTC 2017
Hi
We recently got integration on generated repositories.
Due to nature of this repos (all content is generated) we cannot really
merge any of the PR's as changes will be removed anyway with the next
release.
We should make this changes in the original source + best to react to some
critical problems.
I have couple ideas how we can get that fixed:
- Close PR's and backport changes to the core/angular.js repos.
- Disable synk on this repositories and have dependency check for recent
versions on release.
- Merge PR directly into the branch and then backport changes.
I personally think that we may just need some general dependency update
process for the release + backport snyk changes.
NSP integration may be also useful - I wasn't as effective as Snyk, but
it's best to have it.
Example PR:
https://github.com/feedhenry-raincatcher/raincatcher-portal/pull/1
PS: We already have related ticket in the sprint:
https://issues.jboss.org/browse/RAINCATCH-1312 maybe we should extend that?
Regards
--
WOJCIECH TROCKI
Red Hat Mobile <https://www.redhat.com/>
IM: wtrocki
<https://red.ht/sig>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/feedhenry-raincatcher/attachments/20171012/d5874d2e/attachment.htm>
More information about the Feedhenry-raincatcher
mailing list