httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Gruno <humbed...@apache.org>
Subject Re: Security features of Github
Date Fri, 25 Jun 2021 08:04:18 GMT
On 25/06/2021 09.23, Ruediger Pluem wrote:
> I would like to leverage the "security features" of GitHub like Dependabot alerts and
Code scanning alerts.
> 
> First question: Do we want this? Does anyone object?
> 
> Second question: Is this possible with our GitHub setup? I known that this question might
be better suited for the infra list, but
> OTOH I know that some infra guys are here as well.
> While Dependabot seems to be only a matter of activating which might be easy I understand
that The Code scanning alerts run as
> GitHub actions and I am not sure if we can use GitHub actions or what the limits are
as for the CI stuff we use Travis.
> 
> Regards
> 
> RĂ¼diger
> 

Dependabot unfortunately is not a viable option, as that would start 
leaking potential issues into public space due to how our and their 
infra works.

Mime
View raw message