
Handle security CVE violations

Open herve-brun opened this issue 3 years ago • 1 comment

This merge request handles all the CVE security issues detected by static analysis tools (dependabot, depshield, etc.).

No breaking change has been detected.

I added a few GitHub actions and some badges to reflect the quality gates in the README.

I also set up CodeCov and Sonarqube analysis actions. I know you are using another coverage analysis tool, but CodeCov is integrated in GitHub Actions. I could remove it if you wish?

The Sonarqube action uses the following GitHub project secrets, which you will have to set up in your GitHub repo before merging if you want this action to be functional:

  • SONAR_ORGANIZATION: your sonarcloud.io organization's key,
  • SONAR_PROJECTKEY: the sonarcloud project's key, and
  • SONAR_TOKEN: your sonarcloud.io access token.

Once you create a sonarcloud.io account, the setup is really easy: import the GitHub project and choose the "Setup GitHub Action" tile to set up the sonarcloud project.

herve-brun avatar Jan 31 '22 00:01 herve-brun
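For readers wiring up the three secrets named above, here is an added example workflow (editor's example, not the PR's own workflow file or the project's code) that runs the SonarCloud scanner with them. It assumes the generic SonarSource/sonarcloud-github-action is appropriate for the build (SonarSource's own documentation says to run the scanner through Maven or Gradle instead when the project is built with one of those), and that the default branch is called `master`; the file path is also an assumption.

```yaml
# .github/workflows/sonarcloud.yml  (added example; path and branch name are assumptions)
name: SonarCloud analysis

on:
  push:
    branches: [master]
  pull_request:
    types: [opened, synchronize, reopened]

# Least privilege for the job token: the scanner only needs to read the
# checkout and pull-request metadata.
permissions:
  contents: read
  pull-requests: read

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    # Repository secrets are not exposed to workflows triggered by pull requests
    # from forks, so skip the job there instead of failing on an empty SONAR_TOKEN.
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so SonarCloud can attribute "new code" correctly

      # In production, pin third-party actions to a full commit SHA rather than a
      # moving ref such as @master; the moving ref is kept here only for readability.
      - uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # provided automatically; used for PR decoration
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}     # the sonarcloud.io access token from the list above
        with:
          args: >
            -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }}
            -Dsonar.projectKey=${{ secrets.SONAR_PROJECTKEY }}
```

Of the three values, only SONAR_TOKEN is actually sensitive; the organization and project keys are public identifiers, and the PR's choice to store them as secrets simply keeps the workflow file free of repository-specific values. The `if:` guard matters in practice: without it, every external contributor's pull request would fail the quality gate because the token is absent in fork-triggered runs.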

@Sayi

Any news on this merge request? Are you interested in this type of contribution?

herve-brun avatar Jun 18 '23 20:06 herve-brun