You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
It is important to scan our dependencies for known vulnerabilities, because our consumers might inherit them.
Describe the solution you'd like
Collect vulnerabilities from Gradle and NPM dependencies, including transitive ones.
Report vulnerable dependencies in the summary of the workflow job. It should contain the full identifier of the dependency, and the vulnerability (CVE) with its link.
Workflow should count the total number of scanned dependencies and the vulnerable ones.
Generate a dynamic badge (similarly to the coverage badge) and add it to the README. Label should be 'vulnerabilities', value should be <vulnerabilityCount> / <totalCount>. When vulnerability count is zero, it should be green, red otherwise.
Find a way to notify project maintainers when vulnerabilities were found (probably email).
Check should be scheduled to run weekly.
Describe alternatives you've considered
Dependabot would be a solution if it had support for Gradle version catalogs, which it doesn't.
Additional context
There's already a task called dependencyCheck in the Gradle build file that can be used for this.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
It is important to scan our dependencies for known vulnerabilities, because our consumers might inherit them.
Describe the solution you'd like
<vulnerabilityCount> / <totalCount>
. When vulnerability count is zero, it should be green, red otherwise.Describe alternatives you've considered
Dependabot would be a solution if it had support for Gradle version catalogs, which it doesn't.
Additional context
There's already a task called
dependencyCheck
in the Gradle build file that can be used for this.The text was updated successfully, but these errors were encountered: