Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2022/10/19 04:28:20 UTC

[GitHub] [camel-k] tadayosi opened a new issue, #3753: Use `go vuln` to check security vulnerabilities

tadayosi opened a new issue, #3753:
URL: https://github.com/apache/camel-k/issues/3753

   It might be a good idea to have a make target that runs `go vuln` and/or have a CI workflow to run it on the project periodically.
   https://github.com/golang/vuln


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [camel-k] gansheer commented on issue #3753: Use `govulncheck` to check security vulnerabilities

Posted by "gansheer (via GitHub)" <gi...@apache.org>.
gansheer commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1655743715

   I will take care of this.




[GitHub] [camel-k] squakez commented on issue #3753: Use `govulncheck` to check security vulnerabilities

Posted by "squakez (via GitHub)" <gi...@apache.org>.
squakez commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1655755358

   Maybe we can run this only on PRs with dependency changes, i.e. https://github.com/apache/camel-k/blob/main/.github/workflows/coverage.yml#L22-L23 (instead we just check out go.mod and go.sum). WDYT?




[GitHub] [camel-k] gansheer commented on issue #3753: Use `govulncheck` to check security vulnerabilities

Posted by "gansheer (via GitHub)" <gi...@apache.org>.
gansheer commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1655764588

   It could be a good idea for the PR part, but I fear we will run into the case where it's always in warning if we find ourselves in a case where it is a vulnerability from one of the golang libs that come with the golang version. It would be a clear signal that we need to upgrade golang, but it would mean having check errors for PRs before the upgrade is done.


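The concern in the comment above (PR checks failing on a standard-library vulnerability until the Go upgrade lands) can be handled by triaging the scanner's findings instead of gating on its exit code. As an added example, not code from camel-k or from this thread, this Go program reads a `govulncheck -json` message stream and separates called findings in the `stdlib` module from findings in dependencies. The warn-versus-fail policy, the `Triage` name and the sample input are assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed sample of a `govulncheck -json ./...` stream; IDs and modules are placeholders.
const sample = `
{"config":{"go_version":"go1.20.1"}}
{"finding":{"osv":"GO-0000-0001","fixed_version":"v1.20.6","trace":[{"module":"stdlib","version":"v1.20.1","package":"net/http","function":"Do"}]}}
{"finding":{"osv":"GO-0000-0002","fixed_version":"v1.4.2","trace":[{"module":"example.com/dep","version":"v1.4.0","package":"example.com/dep/yaml","function":"Unmarshal"}]}}
{"finding":{"osv":"GO-0000-0003","fixed_version":"v2.0.1","trace":[{"module":"example.com/other","version":"v2.0.0"}]}}
`

type message struct {
	Finding *struct {
		OSV          string // JSON key "osv"; encoding/json matches keys case-insensitively
		FixedVersion string `json:"fixed_version"`
		Trace        []struct{ Module, Function string }
	}
}

// Triage maps OSV ID to fixed version for findings whose vulnerable symbol is called,
// split by where the fix lives: the Go toolchain ("stdlib") or a go.mod dependency.
func Triage(r io.Reader) (stdlib, deps map[string]string, err error) {
	stdlib, deps = map[string]string{}, map[string]string{}
	for dec := json.NewDecoder(r); dec.More(); {
		var m message
		if err = dec.Decode(&m); err != nil {
			return nil, nil, err
		}
		f := m.Finding
		if f == nil || len(f.Trace) == 0 || f.Trace[0].Function == "" {
			continue // config/progress/osv message, or symbol not called
		}
		if f.Trace[0].Module == "stdlib" { // trace[0] is the vulnerable symbol
			stdlib[f.OSV] = f.FixedVersion
		} else {
			deps[f.OSV] = f.FixedVersion
		}
	}
	return stdlib, deps, nil
}

func main() {
	fmt.Println(Triage(strings.NewReader(sample))) // stdlib (warn), deps (fail PR), error
}
```

Under the assumed policy, a PR job would fail only when the second map is non-empty, while a nightly job would report the first map as the signal to upgrade Go.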


[GitHub] [camel-k] squakez closed issue #3753: Use `govulncheck` to check security vulnerabilities

Posted by "squakez (via GitHub)" <gi...@apache.org>.
squakez closed issue #3753: Use `govulncheck` to check security vulnerabilities
URL: https://github.com/apache/camel-k/issues/3753




[GitHub] [camel-k] github-actions[bot] commented on issue #3753: Use `govulncheck` to check security vulnerabilities

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1386274937

   This issue has been automatically marked as stale due to 90 days of inactivity. 
   It will be closed if no further activity occurs within 15 days.
   If you think that’s incorrect or the issue should never stale, please simply write any comment.
   Thanks for your contributions!




[GitHub] [camel-k] squakez commented on issue #3753: Use `govulncheck` to check security vulnerabilities

Posted by "squakez (via GitHub)" <gi...@apache.org>.
squakez commented on issue #3753:
URL: https://github.com/apache/camel-k/issues/3753#issuecomment-1655773605

   Considering all the importance security is getting lately, I'd try to do that on the PR. If we are in a situation where we cannot stay after it, we can easily turn the action into a nightly check. Or we can do it the other way around. Feel free to do it the way you prefer. Once the action is in place, it is relatively easy to adjust the process.

