You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@airflow.apache.org by Feng Lu <fe...@google.com.INVALID> on 2018/12/18 08:01:44 UTC

Configuring/sharing Airflow github repo security alerts

Hi all,

Looks like GitHub now adds a new "Security Alert" feature
<https://help.github.com/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository/>
for tracking dependency CVEs, unfortunately I couldn't find it in Airflow
repo. <https://github.com/apache/incubator-airflow/pulse> So if it makes
sense to the community, could Airflow repo admin (assume it means PMC
members ;p) help to enable the alert feature and make it publicly
available?

Happy to take a stab myself if I have the access permission.
Thanks.

Feng

Re: Configuring/sharing Airflow github repo security alerts

Posted by Feng Lu <fe...@google.com.INVALID>.

Thank you Tao, just pinged Apache Infra on this ticket.

On Tue, Dec 18, 2018 at 6:38 PM Tao Feng <fe...@gmail.com> wrote:

> Thanks Feng for the suggestion. Just file
> https://issues.apache.org/jira/browse/INFRA-17470.
>
> On Tue, Dec 18, 2018 at 6:25 PM Feng Lu <fe...@google.com.invalid> wrote:
>
> > Cool, thank you Ash. Kindly let us know when you have opened the INFRA
> jira
> > ticket.
> >
> > On Tue, Dec 18, 2018 at 2:21 AM Ash Berlin-Taylor <as...@firemirror.com>
> > wrote:
> >
> > > We're not admins of the repo - only the ASF Infra team are, so we'll
> > > have to open an ticket against the INFRA queue in jira asking for this
> > >
> > > (I haven't done this. Not on large device right now)
> > >
> > > -a
> > >
> > > Feng Lu wrote on 18/12/2018 08:01:
> > > > Hi all,
> > > >
> > > > Looks like GitHub now adds a new "Security Alert" feature
> > > > <
> > >
> >
> https://help.github.com/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository/
> > > >
> > > > for tracking dependency CVEs, unfortunately I couldn't find it in
> > Airflow
> > > > repo. <https://github.com/apache/incubator-airflow/pulse> So if it
> > makes
> > > > sense to the community, could Airflow repo admin (assume it means PMC
> > > > members ;p) help to enable the alert feature and make it publicly
> > > > available?
> > > >
> > > > Happy to take a stab myself if I have the access permission.
> > > > Thanks.
> > > >
> > > > Feng
> > > >
> > >
> > >
> >
>

Re: Configuring/sharing Airflow github repo security alerts

Posted by Tao Feng <fe...@gmail.com>.

Thanks Feng for the suggestion. Just file
https://issues.apache.org/jira/browse/INFRA-17470.

On Tue, Dec 18, 2018 at 6:25 PM Feng Lu <fe...@google.com.invalid> wrote:

> Cool, thank you Ash. Kindly let us know when you have opened the INFRA jira
> ticket.
>
> On Tue, Dec 18, 2018 at 2:21 AM Ash Berlin-Taylor <as...@firemirror.com>
> wrote:
>
> > We're not admins of the repo - only the ASF Infra team are, so we'll
> > have to open an ticket against the INFRA queue in jira asking for this
> >
> > (I haven't done this. Not on large device right now)
> >
> > -a
> >
> > Feng Lu wrote on 18/12/2018 08:01:
> > > Hi all,
> > >
> > > Looks like GitHub now adds a new "Security Alert" feature
> > > <
> >
> https://help.github.com/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository/
> > >
> > > for tracking dependency CVEs, unfortunately I couldn't find it in
> Airflow
> > > repo. <https://github.com/apache/incubator-airflow/pulse> So if it
> makes
> > > sense to the community, could Airflow repo admin (assume it means PMC
> > > members ;p) help to enable the alert feature and make it publicly
> > > available?
> > >
> > > Happy to take a stab myself if I have the access permission.
> > > Thanks.
> > >
> > > Feng
> > >
> >
> >
>

Re: Configuring/sharing Airflow github repo security alerts

Posted by Feng Lu <fe...@google.com.INVALID>.

Cool, thank you Ash. Kindly let us know when you have opened the INFRA jira
ticket.

On Tue, Dec 18, 2018 at 2:21 AM Ash Berlin-Taylor <as...@firemirror.com>
wrote:

> We're not admins of the repo - only the ASF Infra team are, so we'll
> have to open an ticket against the INFRA queue in jira asking for this
>
> (I haven't done this. Not on large device right now)
>
> -a
>
> Feng Lu wrote on 18/12/2018 08:01:
> > Hi all,
> >
> > Looks like GitHub now adds a new "Security Alert" feature
> > <
> https://help.github.com/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository/
> >
> > for tracking dependency CVEs, unfortunately I couldn't find it in Airflow
> > repo. <https://github.com/apache/incubator-airflow/pulse> So if it makes
> > sense to the community, could Airflow repo admin (assume it means PMC
> > members ;p) help to enable the alert feature and make it publicly
> > available?
> >
> > Happy to take a stab myself if I have the access permission.
> > Thanks.
> >
> > Feng
> >
>
>

Re: Configuring/sharing Airflow github repo security alerts

Posted by Ash Berlin-Taylor <as...@firemirror.com>.

We're not admins of the repo - only the ASF Infra team are, so we'll 
have to open an ticket against the INFRA queue in jira asking for this

(I haven't done this. Not on large device right now)

-a

Feng Lu wrote on 18/12/2018 08:01:
> Hi all,
>
> Looks like GitHub now adds a new "Security Alert" feature
> <https://help.github.com/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository/>
> for tracking dependency CVEs, unfortunately I couldn't find it in Airflow
> repo. <https://github.com/apache/incubator-airflow/pulse> So if it makes
> sense to the community, could Airflow repo admin (assume it means PMC
> members ;p) help to enable the alert feature and make it publicly
> available?
>
> Happy to take a stab myself if I have the access permission.
> Thanks.
>
> Feng
>