[Feedhenry-raincatcher] Snyk integration on the generated repos.

Wojciech Trocki wtrocki at redhat.com
Thu Oct 12 16:13:54 UTC 2017


> Build sources locally > have release PR to update tags in monorepo *and
check for vulnerable dependencies* > publish to npm

Makes perfect sense. We can modify the release document once this is
introduced.

On Thu, Oct 12, 2017 at 5:09 PM, Paolo Haji <phaji at redhat.com> wrote:

>
>
> On Thu, Oct 12, 2017 at 1:02 PM, Wojciech Trocki <wtrocki at redhat.com>
> wrote:
>>
>> The only problem with this approach is when we do not do any PR builds for
>> some time, but I do not think that this will happen.
>>
> I'm not sure what's the frequency that Snyk's bot reviews our
> dependencies, but if we use it instead we might not need to worry about PR
> frequency :)
>
>>
>>
>> If checks take a long time we can also consider doing that on release
>> (as technically this is when our code is impacting our community)
>>
> Also in our current release process we need a PR from the release branch
> towards master, so checks could be done there as well! But we'd need to
> change the release procedure from:
>
> Build sources locally > publish to npm > have release PR to update tags in
> monorepo
>
> To:
>
> Build sources locally > have release PR to update tags in monorepo *and
> check for vulnerable dependencies* > publish to npm
>
> --
>
> PAOLO HAJI
>
> SOFTWARE ENGINEER, RED HAT MOBILE APPLICATION PLATFORM
>
> Red Hat Brasil <https://www.redhat.com/>
>
> phaji at redhat.com
> <https://red.ht/sig>
> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
>



-- 

WOJCIECH TROCKI

Red Hat Mobile <https://www.redhat.com/>

IM: wtrocki
<https://red.ht/sig>