[Feedhenry-raincatcher] Snyk integration on the generated repos.

Paolo Haji phaji at redhat.com
Thu Oct 12 16:09:24 UTC 2017


On Thu, Oct 12, 2017 at 1:02 PM, Wojciech Trocki <wtrocki at redhat.com> wrote:
>
> The only problem with this approach is when we do not do any PR builds for
> some time, but I do not think that this will happen.
>
I'm not sure how often Snyk's bot reviews our dependencies,
but if we use it instead we might not need to worry about PR frequency :)

>
> If checks will take a long time we can also consider doing that on release
> (as technically this is when our code is impacting our community)
>
Also in our current release process we need a PR from the release branch
towards master, so checks could be done there as well! But we'd need to
change the release procedure from:

Build sources locally > publish to npm > have release PR to update tags in
monorepo

To:

Build sources locally > have release PR to update tags in monorepo *and
check for vulnerable dependencies* > publish to npm

-- 

PAOLO HAJI

SOFTWARE ENGINEER, RED HAT MOBILE APPLICATION PLATFORM

Red Hat Brasil <https://www.redhat.com/>

phaji at redhat.com
<https://red.ht/sig>
TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
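The reordered release procedure above amounts to a gate: the vulnerable-dependency check must pass before anything is published. The script below is an added example of that gate as a POSIX shell function, not code from the raincatcher project or from this thread. The names `release_gate`, `CHECK_CMD`, `PUBLISH_CMD` and `RUN_RELEASE` are assumptions made for the example; the defaults assume `snyk test` and `npm publish` as the check and publish commands.

```shell
#!/bin/sh
# Added example (not raincatcher project code): run the dependency
# vulnerability check first and publish only when it passes, so the
# "check for vulnerable dependencies" step precedes "publish to npm".
# CHECK_CMD / PUBLISH_CMD are hypothetical variable names; override them
# to wire in the real tools used by the release job.

CHECK_CMD="${CHECK_CMD:-snyk test}"
PUBLISH_CMD="${PUBLISH_CMD:-npm publish}"

# release_gate CHECK PUBLISH
# Runs CHECK; runs PUBLISH only if CHECK exits 0. Returns 1 without
# publishing when the check fails, so a CI job using `set -e` stops here
# and nothing reaches the registry.
release_gate() {
  check="$1"
  publish="$2"
  if sh -c "$check"; then
    echo "dependency check passed, publishing" >&2
    sh -c "$publish"
  else
    echo "dependency check failed, refusing to publish" >&2
    return 1
  fi
}

# Only run the gate when explicitly asked (RUN_RELEASE=1), so the file can
# also be sourced to reuse release_gate from another script.
if [ "${RUN_RELEASE:-0}" = "1" ]; then
  release_gate "$CHECK_CMD" "$PUBLISH_CMD"
fi
```

In a real release job the same ordering can be enforced from `package.json` as well: npm runs a `prepublishOnly` script before `npm publish`, so pointing it at the dependency check makes publishing fail when the check fails regardless of how the job is scripted.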