You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
if the package has insecure third party dependencies we should be breaking the build and working with upstream to fix this.
Multiple ways to deal with this problem.
soft approach: monitor the dependencies seperately and keep a tab on it and followup with upstreams (already configured for pip via requires.io but we still need to find for gem and java dependencies)
Hard approach: monitor at build time via local tool and break build if dependency older. This would require large efforts and change in build script for all packages and we need to decide on which software needs to be scanned and how. One probability is to use owasp dependecy checker but we need to do a trial run.
The text was updated successfully, but these errors were encountered:
if the package has insecure third party dependencies we should be breaking the build and working with upstream to fix this.
Multiple ways to deal with this problem.
soft approach: monitor the dependencies seperately and keep a tab on it and followup with upstreams (already configured for pip via requires.io but we still need to find for gem and java dependencies)
Hard approach: monitor at build time via local tool and break build if dependency older. This would require large efforts and change in build script for all packages and we need to decide on which software needs to be scanned and how. One probability is to use owasp dependecy checker but we need to do a trial run.
The text was updated successfully, but these errors were encountered: