Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2022/10/19 04:28:20 UTC
[GitHub] [camel-k] tadayosi opened a new issue, #3753: Use `go vuln` to check security vulnerabilities
tadayosi opened a new issue, #3753:
URL: https://github.com/apache/camel-k/issues/3753
It might be a good idea to have a make target that runs `go vuln` and/or have a CI workflow to run it on the project periodically.
https://github.com/golang/vuln
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] gansheer commented on issue #3753: Use `govulncheck` to check security vulnerabilities
Posted by "gansheer (via GitHub)" <gi...@apache.org>.
gansheer commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1655743715
I will take care of this.
[GitHub] [camel-k] squakez commented on issue #3753: Use `govulncheck` to check security vulnerabilities
Posted by "squakez (via GitHub)" <gi...@apache.org>.
squakez commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1655755358
Maybe we can run this only on PRs with dependency changes, i.e. https://github.com/apache/camel-k/blob/main/.github/workflows/coverage.yml#L22-L23 (instead we just checkout go.mod and go.sum). WDYT?
[GitHub] [camel-k] gansheer commented on issue #3753: Use `govulncheck` to check security vulnerabilities
Posted by "gansheer (via GitHub)" <gi...@apache.org>.
gansheer commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1655764588
It could be a good idea for the PR part, but I fear we will run into the case where it's always in warning if we find ourselves in a case where it is a vulnerability from one of the golang libs that come with the golang version. It would be a clear signal that we need to upgrade golang but it would mean having check errors for PRs before the upgrade is done.
[GitHub] [camel-k] squakez closed issue #3753: Use `govulncheck` to check security vulnerabilities
Posted by "squakez (via GitHub)" <gi...@apache.org>.
squakez closed issue #3753: Use `govulncheck` to check security vulnerabilities
URL: https://github.com/apache/camel-k/issues/3753
[GitHub] [camel-k] github-actions[bot] commented on issue #3753: Use `govulncheck` to check security vulnerabilities
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1386274937
This issue has been automatically marked as stale due to 90 days of inactivity.
It will be closed if no further activity occurs within 15 days.
If you think that’s incorrect or the issue should never stale, please simply write any comment.
Thanks for your contributions!
[GitHub] [camel-k] squakez commented on issue #3753: Use `govulncheck` to check security vulnerabilities
Posted by "squakez (via GitHub)" <gi...@apache.org>.
squakez commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1655773605
Considering all the importance security is getting lately, I'd try to do that on the PR. If we are in a situation where we cannot stay after it, we can easily turn the action into a nightly check. Or we can do the other way around. Feel free to do the way you prefer. Once the action is in place, it is relatively easy to adjust the process.
users@infra.apache.org
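An added example, not part of the thread or of the camel-k code base: one way to keep a PR-time govulncheck job usable under the concern raised above is to split the findings in `govulncheck -json` output into standard-library ones (which a Go upgrade fixes) and dependency ones. The `triage` function and the sample stream are constructed for illustration; the fields assumed are `finding.osv` and `finding.trace[].module`, with `stdlib` as the module name for the standard library.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)
// sample: constructed `govulncheck -json` style stream; IDs and module path are placeholders.
const sample = `{"config":{"scanner_name":"govulncheck"}}
{"finding":{"osv":"GO-0000-0001","fixed_version":"v1.20.6","trace":[{"module":"stdlib","version":"v1.20.5","package":"net/http"}]}}
{"finding":{"osv":"GO-0000-0002","fixed_version":"v1.2.4","trace":[{"module":"example.com/dep","version":"v1.2.3"}]}}
{"finding":{"osv":"GO-0000-0002","trace":[{"module":"example.com/dep","version":"v1.2.3","package":"example.com/dep/x","function":"Parse"}]}}`
// message keeps only the fields used here; config/progress/osv objects leave Finding nil.
type message struct {
	Finding *struct {
		OSV   string `json:"osv"`
		Trace []struct {
			Module string `json:"module"`
		} `json:"trace"`
	} `json:"finding"`
}

// triage splits finding IDs into stdlib ones (fixed by a Go upgrade) and dependency ones, each ID once.
func triage(r io.Reader) ([]string, []string, error) {
	var stdlib, deps []string
	seen := map[string]bool{}
	dec := json.NewDecoder(r)
	for {
		var m message
		if err := dec.Decode(&m); err == io.EOF {
			return stdlib, deps, nil
		} else if err != nil {
			return nil, nil, err
		}
		if f := m.Finding; f != nil && len(f.Trace) > 0 && !seen[f.OSV] {
			seen[f.OSV] = true
			if f.Trace[0].Module == "stdlib" { // frame 0 is the vulnerable module
				stdlib = append(stdlib, f.OSV)
			} else {
				deps = append(deps, f.OSV)
			}
		}
	}
}

func main() {
	stdlib, deps, err := triage(strings.NewReader(sample))
	fmt.Println("warn (needs Go upgrade):", stdlib, "fail (dependency):", deps, "error:", err)
}
```

In a CI job, replace `strings.NewReader(sample)` with `os.Stdin` and pipe `govulncheck -json ./...` into the program, failing the check only when the dependency list is non-empty.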