This repository was archived by the owner on Sep 3, 2022. It is now read-only.

@f2prateek f2prateek commented Jul 2, 2018

Snyk monitors for vulnerable dependencies and notifies us if any were to be found.

This fails the build if any high priority vulnerabilities are found in analytics.js-core.

It runs as a separate CI job to speed up builds. To reduce the copy paste between the different jobs, I moved the common bits into a defaults section that is shared between the jobs.

codecov-io commented Jul 2, 2018

Codecov Report

Merging #93 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #93   +/-   ##
=======================================
  Coverage   98.58%   98.58%           
=======================================
  Files          11       11           
  Lines         636      636           
=======================================
  Hits          627      627           
  Misses          9        9

Last update 39f8e57...aed448d.

@f2prateek f2prateek requested review from fathyb and leifdreizler July 2, 2018 17:25
steps:
- checkout
- attach_workspace: { at: . }
- run: yarn run snyk test --severity-threshold=high --org=segment-pro
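
Review bot: the snyk test step on the last line gates only on --severity-threshold=high, so findings below that level neither fail this job nor show up in its output. If that is intentional, a one-line YAML comment above the run step saying so would help the next reader, since nothing else in these lines records why the threshold was chosen.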

When using the snyk auth token that gets pulled in by context: snyk, you shouldn't need to specify a --org. If you remove this and look at the tests you should still see Organisation: segment-pro in the snyk test and snyk monitor in CI.

updated!

@f2prateek f2prateek merged commit f3d9eaa into master Jul 2, 2018
@f2prateek f2prateek deleted the snyk branch July 2, 2018 18:06