Integrate this project with Snyk for third-party vulnerability scanning

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • 100.9.5
    • Affects Version/s: None
    • Component/s: None
    • None
    • 3
    • TAR 2024-05-13
    • Tools and Replicator
    • 2
    • Not Needed

      Problem

      See the project's design doc.

      Solution & Acceptance Criteria

      • Make sure the Snyk config for thjis project is correct.
      • Make a PR to update dependencies to address any flagged issues.
      • Add a task in our Evergreen release workflow that will fail if there are any high or critical vulnerabilities in our deps.
      • Figure out how to deal with false positives where we don't want to upgrade (or where no upgrade is available yet). I think the answer is that we can manually tell Snyk to ignore these via their web console.

              Assignee:
              Dave Rolsky
              Reporter:
              Dave Rolsky
              Evgeni Dobranov (Inactive), Huan Li (Inactive), Johnny DuBois (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: