request #31123 Automate scanning for known vulnerabilities in dependencies

Infos

Artifact ID#31123

Submitted byThomas Gerbet (tgerbet)

Last Modified On2023-03-08 18:35

Submitted on2023-03-08 12:34

Rank32758

Details

Summary *

Automate scanning for known vulnerabilities in dependencies

Original Submission

Goals are:

automating myself/give an easy way to the whole dev team to triage security issues in our dependencies
have a global view of the current state of dependencies so we can answer "What known vulnerabilities there is in our dependency tree"

As a first step only PHP/Packagist, JS/npm, Rust/cargo and go dependencies will be covered.

CategoryDev tools

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2023-03-08

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #31123

Git commit

tuleap/tools/jenkinsfile-library

Update path to the build-tools.dockerfile master 29fb09fc73

Thomas Gerbet (tgerbet) , 2023-03-10 09:03

tuleap/tools/release-manifest

Update path to the build-tools.dockerfile master 42a7202d79

Thomas Gerbet (tgerbet) , 2023-03-09 10:59

tuleap/tuleap/stable

Closes request #31123: Automate scanning for known vulnerabilities in dependencies 55d3fa32d9

Thomas Gerbet (tgerbet) , 2023-03-08 14:00

Merge commit 'refs/changes/13/28013/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 5615190461

Nicolas Terray (nterray) , 2023-03-08 18:33

Git Pull Request

tuleap/tools/jenkinsfile-library

Update path to the build-tools.dockerfile Merged

Thomas Gerbet (tgerbet) , 2023-03-10 09:06

tuleap/tools/release-manifest

Update path to the build-tools.dockerfile Merged

Thomas Gerbet (tgerbet) , 2023-03-09 11:01

Show items referenced by request #31123

Referenced by request #31123

Artifact Tracker v5

rel #30364 14.7

Git commit

tuleap/tuleap/stable

Closes request #31123: Automate scanning for known vulnerabilities in dependencies 55d3fa32d9

Thomas Gerbet (tgerbet) , 2023-03-08 14:00

Other

gerrit #28013

Follow-ups

Nicolas Terray (nterray)

2023-03-08 18:35

gerrit #28013 integrated into Tuleap 14.6.99.45

Connected artifacts
- Added Fixed in: rel #30364

Tracker Workflow Manager (forge__tracker_workflow_manager)

2023-03-08 18:34

Closed by @tgerbet with git #tuleap/stable/55d3fa32d948139840a93656a5ce459256f1f737.

Status changed from Under review to Closed
Close date set to 2023-03-08

Thomas Gerbet (tgerbet)

2023-03-08 13:18

See gerrit #28013.

Status changed from Under implementation to Under review

Public

Referencing request #31123

Git commit

tuleap/tools/jenkinsfile-library

tuleap/tools/release-manifest

tuleap/tuleap/stable

Git Pull Request

tuleap/tools/jenkinsfile-library

tuleap/tools/release-manifest

Referenced by request #31123

Artifact Tracker v5

Git commit

tuleap/tuleap/stable

Other

Follow-ups