Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI - Add Snyk Scanning #1800

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dealako
Copy link

@dealako dealako commented Apr 26, 2024

This PR introduces a CI job to periodically scan the OpenVDB repository
for security vulernatiblities. This CI job requires coordination with
John Mertic (@jmertic) and/or the OpenVDB maintainers to add both the
SNYK_ORG and SNYK_TOKEN GitHub secrets to the GitHub configuration.
Once these serets are added, then this PR can be merged with the
appropriate review/approvals. The Snyk tool can be run on the command
line at any time using:

snyk auth ${SNYK_TOKEN}

Your account has been authenticated. Snyk is now ready to be used.

snyk test --unmanaged --org=${SNYK_ORG}

Testing /Users/ddeal/projects/go/src/github.com/dealako/openvdb...

Tested 1 dependency for known issues, found 0 issues.

snyk monitor --unmanaged --org=${SNYK_ORG}

Monitoring /Users/ddeal/projects/go/src/github.com/dealako/openvdb (openvdb)...

Explore this snapshot at https://app.snyk.io/...

Notifications about newly disclosed issues related to these dependencies will be emailed to you.

Contact John Mertic (@jmertic) to access the above secrets or to gain
access to the Snyk console.

Signed-off-by: David Deal ddeal@linuxfoundation.org

Copy link

linux-foundation-easycla bot commented Apr 26, 2024

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: dealako / name: David Deal (79758df)

This PR introduces a CI job to periodically scan the OpenVDB repository
for security vulernatiblities. This CI job requires coordination with
John Mertic (jmertic) and/or the OpenVDB maintainers to add both the
`SNYK_ORG` and `SNYK_TOKEN` GitHub secrets to the GitHub configuration.
Once these serets are added, then this PR can be merged with the
appropriate review/approvals. The Snyk tool can be run on the command
line at any time using:

```bash
snyk auth ${SNYK_TOKEN}

Your account has been authenticated. Snyk is now ready to be used.

snyk test --unmanaged --org=${SNYK_ORG}

Testing /Users/ddeal/projects/go/src/github.com/dealako/openvdb...

Tested 1 dependency for known issues, found 0 issues.

snyk monitor --unmanaged --org=${SNYK_ORG}

Monitoring /Users/ddeal/projects/go/src/github.com/dealako/openvdb (openvdb)...

Explore this snapshot at https://app.snyk.io/org/openvdb/project/${SNY_ORG}/history/4c82fd74-757b-40f3-8522-803ae4f84e0f

Notifications about newly disclosed issues related to these dependencies will be emailed to you.
```

Contact John Mertic (jmertic) to access the above secrets or to gain
access to the Snyk console.

Signed-off-by: David Deal <ddeal@linuxfoundation.org>
@dealako
Copy link
Author

dealako commented Apr 26, 2024

@jmertic - I requested EasyCLA corporate contributor authorization. You are listed as one of the CLA managers. :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant