httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: Security features of Github
Date Fri, 25 Jun 2021 11:15:19 GMT

On 6/25/21 10:04 AM, Daniel Gruno wrote:
> On 25/06/2021 09.23, Ruediger Pluem wrote:
>> I would like to leverage the "security features" of GitHub like Dependabot alerts
and Code scanning alerts.
>> First question: Do we want this? Does anyone object?
>> Second question: Is this possible with our GitHub setup? I known that this question
might be better suited for the infra list, but
>> OTOH I know that some infra guys are here as well.
>> While Dependabot seems to be only a matter of activating which might be easy I understand
that The Code scanning alerts run as
>> GitHub actions and I am not sure if we can use GitHub actions or what the limits
are as for the CI stuff we use Travis.
>> Regards
>> RĂ¼diger
> Dependabot unfortunately is not a viable option, as that would start leaking potential
issues into public space due to how our and
> their infra works.

This is a pity. What about the Code scanning alerts that require Github actions?



View raw message