Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): Included dependency review #406

Merged
merged 2 commits into from Apr 29, 2022
Merged

chore(deps): Included dependency review #406

merged 2 commits into from Apr 29, 2022

Conversation

naveensrinivasan
Copy link
Contributor

Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests.
The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests,
and warns you about the associated security vulnerabilities.
This gives you better visibility of what's changing in a pull request,
and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan 172697+naveensrinivasan@users.noreply.github.com

@naveensrinivasan
chore(deps): Included dependency review
4188d09 
> Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
cpanato
cpanato requested changes Apr 26, 2022
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

small request

.github/workflows/depsreview.yml Outdated Show resolved Hide resolved
@naveensrinivasan
Copy link
Contributor Author

@cpanato A friendly ping.

@cpanato
Copy link
Member

cpanato commented Apr 29, 2022

@naveensrinivasan can you add the tag as a comment like you did for the other PR? just to keep consistent thanks

@naveensrinivasan
Update depsreview.yml
3bd3594 
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
@naveensrinivasan
Copy link
Contributor Author

@naveensrinivasan can you add the tag as a comment like you did for the other PR? just to keep consistent thanks

@cpanato Thanks took care of it!

@cpanato cpanato enabled auto-merge (squash) April 29, 2022 20:29
@cpanato cpanato merged commit 01a804b into sigstore:main Apr 29, 2022
mtrmac pushed a commit to mtrmac/sigstore that referenced this pull request Mar 10, 2023
@developer-guy
fix for documentation of the command verify-dockerfile (sigstore#406)
b38bddc 
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@naveensrinivasan @cpanato