add nancy scan to CI build #1103
Conversation
|
👋 Thanks for contributing to Viper! You are awesome! 🎉 A maintainer will take a look at your pull request shortly. 👀 In the meantime: We are working on Viper v2 and we would love to hear your thoughts about what you like or don't like about Viper, so we can improve or fix those issues. ⏰ If you have a couple minutes, please take some time and share your thoughts: https://forms.gle/R6faU74qPRPAzchZ9 📣 If you've already given us your feedback, you can still help by spreading the news, https://twitter.com/sagikazarmark/status/1306904078967074816 Thank you! ❤️ |
|
Ping! Has anybody had a chance to look this over - is adds a nancy scan to the CI build? I'm wondering if it fell through the cracks due to the CI build failing - but the failures appear to be due to security vulns - so sort of expected tail chasing going on. Please let me know if there is anything I can do to help move it along. |
|
It's on my mental todo list, but I'd like to combine it with other tools (like snyk and dependabot). I need some time to figure things out. Till then, we can go with manual updates. Until we can upgrade to etcd 3.5 (#1115) which will likely only happen in June, we can't do much about dependencies anyway as it pins quite a few dependencies to relatively old versions. |
Runs nancy to scan for vulnerabilities as part of the CI build.
relates to PR #961 and PR #1066 in that those PR's should fix the build failures (which are due to detected vulnerabilities).