httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: Security features of Github
Date Fri, 25 Jun 2021 11:15:19 GMT


On 6/25/21 10:04 AM, Daniel Gruno wrote:
> On 25/06/2021 09.23, Ruediger Pluem wrote:
>> I would like to leverage the "security features" of GitHub like Dependabot alerts
and Code scanning alerts.
>>
>> First question: Do we want this? Does anyone object?
>>
>> Second question: Is this possible with our GitHub setup? I known that this question
might be better suited for the infra list, but
>> OTOH I know that some infra guys are here as well.
>> While Dependabot seems to be only a matter of activating which might be easy I understand
that The Code scanning alerts run as
>> GitHub actions and I am not sure if we can use GitHub actions or what the limits
are as for the CI stuff we use Travis.
>>
>> Regards
>>
>> RĂ¼diger
>>
> 
> Dependabot unfortunately is not a viable option, as that would start leaking potential
issues into public space due to how our and
> their infra works.
> 

This is a pity. What about the Code scanning alerts that require Github actions?

Regards

RĂ¼diger

Mime
View raw message