Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unleash dependabot on Docker files and add dependency review workflow #4945

Merged
merged 1 commit into from Nov 13, 2023
Merged

Unleash dependabot on Docker files and add dependency review workflow #4945

merged 1 commit into from Nov 13, 2023

Conversation

step-security-bot
Copy link
Contributor

Summary

This pull request is created by StepSecurity at the request of @yurishkuro. Please merge the Pull Request to incorporate the requested changes. Please tag @yurishkuro on your message if you have any questions related to the PR.

Security Fixes

Keeping your actions up to date with Dependabot

With Dependabot version updates, when Dependabot identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).

Add Dependency Review Workflow

The Dependency Review Workflow enforces dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository.

Feedback

For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

@step-security-bot
[StepSecurity] Apply security best practices
81f39a1 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
@step-security-bot step-security-bot requested a review from a team as a code owner November 13, 2023 03:30
@yurishkuro yurishkuro added the changelog:ci Change related to continuous integration / testing label Nov 13, 2023
@yurishkuro yurishkuro changed the title [StepSecurity] Apply security best practices Unleash dependabot on Docker files and add dependency review workflow Nov 13, 2023
@yurishkuro yurishkuro merged commit cb25bf5 into jaegertracing:main Nov 13, 2023
33 of 34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yurishkuro yurishkuro yurishkuro approved these changes

@joe-elliott joe-elliott Awaiting requested review from joe-elliott joe-elliott is a code owner automatically assigned from jaegertracing/jaeger-maintainers

Assignees
No one assigned
Labels
changelog:ci Change related to continuous integration / testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@step-security-bot @yurishkuro