Skip to content

!feat: default to analyzing new dependencies only#53

Merged
maxrake merged 3 commits into
mainfrom
all_deps_matter
May 26, 2022
Merged

!feat: default to analyzing new dependencies only#53
maxrake merged 3 commits into
mainfrom
all_deps_matter

Conversation

@maxrake
Copy link
Copy Markdown
Contributor

@maxrake maxrake commented May 26, 2022

Most users of these integrations will already have an existing code base and will not want to "fail their CI builds" for existing dependencies while they work to clean them up. This PR reverses the logic of the --new-deps-only option so that users specify an option when they want to analyze all dependencies. The default will now be to analyze only newly added ones.

BREAKING CHANGE: The option to analyze --new-deps-only was removed and replaced with one that has the opposite meaning: --all-deps

Closes #44

CC: @peterjmorgan and @furi0us333

Checklist

  • Does this PR have an associated issue (i.e., closes #<issueNum> in description above)?
  • Have you ensured that you have met the expected acceptance criteria?
  • Have you created sufficient tests?
    • still no automated tests, but local testing was performed
  • Have you updated all affected documentation?

maxrake added 2 commits May 25, 2022 23:23
@maxrake
feat: default to project settings for risk domain thresholds
66db7a8 
BREAKING CHANGE: Individual risk domain threshold values can be set with command line options, which now accept values between 0 and 100, inclusive. Previously, the accepted values were between 0 and 99, inclusive. Closes #46
@maxrake
feat: default to analyzing new dependencies only
6cb237a 
BREAKING CHANGE: The option to analyze `--new-deps-only` was removed and replaced with one that has the opposite meaning: `--all-deps`
@maxrake maxrake self-assigned this May 26, 2022
@maxrake
Copy link
Copy Markdown
Contributor Author

maxrake commented May 26, 2022

This review and branch are based off of the thresholds branch...which has an active PR underway (#52). Starting the review for this now, but coordination/re-basing with the parent branch(es) will be needed prior to merging.

@maxrake maxrake marked this pull request as ready for review May 26, 2022 16:13
@maxrake maxrake requested a review from a team as a code owner May 26, 2022 16:13
@maxrake maxrake requested review from kylewillmon and removed request for a team May 26, 2022 16:13
Base automatically changed from thresholds to main May 26, 2022 16:45
@maxrake maxrake merged commit e0894fc into main May 26, 2022
@maxrake maxrake deleted the all_deps_matter branch May 26, 2022 17:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@kylewillmon kylewillmon kylewillmon approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@maxrake maxrake

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Default to analyzing new dependencies only

2 participants

@maxrake @kylewillmon