
Configure a vulnerabilities checker

Open goldbergyoni opened this issue 3 years ago • 2 comments

🎯 Goal: - Detect when some code has vulnerabilities or when a developer is fetching a suspicious package

🤔 More info:

  • Tools like sync alike can provide E2E CVE shield free for OSS projects
  • Run as part of CI
  • Beyond just realizing CVE (vulnerabilities), they have advanced capabilities of warning/PR when dependencies are outdated

goldbergyoni, May 03 '22 10:05

Would something like Snyk Open Source be what you're thinking of for this item?

clarkio, Jun 25 '22 16:06

Created an organization in Snyk and added this repo: https://app.snyk.io/org/practica.js/projects

@goldbergyoni Invited you to the organization. Also, I sent an access request for Snyk to the Practica org

mikicho, Jul 03 '22 18:07