compliance-trestle
Establish logical minimums for dependent library versions in trestle.
Issue description / feature objectives
With the current way trestle is built / deployed / used, we are typically using 'the latest' that currently gets pulled.
The objective here would be to establish 'known minimum' versions for all dependencies. Ideally we would exhaustively test; however, this may be difficult.
Caveats / Assumptions
- One of the challenges here will be making sure minimum versions are not vulnerable.
- One way of doing this may be to generate a requirements.txt, which we are not using but which may be useful for vulnerability scanners.
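
One way to produce the requirements.txt mentioned above, as an added example that is not part of the original issue or of trestle's code: it pins each dependency at its declared floor so a vulnerability scanner evaluates the minimum versions rather than the latest ones, and reports dependencies that have no floor. The function name `minimum_pins` and the sample specifiers are assumptions constructed for illustration, not trestle's real dependency list.

```python
import re

# Constructed sample of install_requires-style specifiers (not trestle's real list).
SAMPLE_REQUIRES = [
    "pydantic>=1.8.0,<2.0",
    "ruamel.yaml >= 0.16",
    "requests[security]~=2.25.1",
    "attrs==21.2.0",
    "furl",        # no specifier at all: resolves to 'the latest'
    "jinja2<3.1",  # upper bound only: still no known minimum
    'importlib-metadata>=4.0; python_version < "3.8"',
]

# name, optional [extras], then the comma-separated version clauses
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")
_CLAUSE = re.compile(r"^(>=|==|~=|<=|!=|<|>)\s*([A-Za-z0-9.*+!_-]+)$")
# Operators whose version is itself installable, so it can serve as the floor.
_FLOOR_OPS = {">=", "==", "~="}


def minimum_pins(requires):
    """Return (pins, unbounded).

    pins      -- 'name==floor' lines suitable for a scanner-only requirements.txt
    unbounded -- names that declare no inclusive lower bound
    """
    pins, unbounded = [], []
    for raw in requires:
        spec, _, marker = raw.partition(";")  # keep environment markers intact
        match = _REQ.match(spec)
        if match is None:
            raise ValueError(f"unparseable requirement: {raw!r}")
        name, extras, clauses = match.group(1), match.group(2) or "", match.group(3)
        floor = None
        for clause in filter(None, (c.strip() for c in clauses.split(","))):
            parsed = _CLAUSE.match(clause)
            if parsed is None:
                raise ValueError(f"unparseable version clause: {clause!r}")
            op, version = parsed.groups()
            if op in _FLOOR_OPS and not version.endswith(".*"):
                floor = version
        if floor is None:
            unbounded.append(name)
            continue
        line = f"{name}{extras}=={floor}"
        if marker.strip():
            line += f"; {marker.strip()}"
        pins.append(line)
    return pins, unbounded
```

Writing `pins` to a file gives a scanner input that reflects the declared minimums; any name in `unbounded` still needs a floor chosen before the scan result means anything for it.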