chore: add Snyk monitoring #154
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this change?
This PR integrates the repository with a reusable Snyk (GitHub action) workflow which will scan your code’s dependencies and alert you if vulnerabilities are found. This reusable workflow gives us reliability, control and consistency of how all our repositories are integrated with Snyk.
In particular, reliably integrated means we compare the hash of the last commit on your default branch to the one that Snyk last scanned, and make sure that they match.
This integration has already been tested to make sure scanning will work. Manual updates may also have been applied, which should be squash-merged to keep a tidier history.
If you think that this repository doesn’t belong to your team, please adjust the teams who have admin access in GitHub and talk to the DevX Security team
Feel free to review and merge this PR as a team, or the DevX Security team will do this on your behalf soon.