The security scanning jobs should only fail jobs if the PR adds a security issue #2751

skitt · 2023-10-13T13:19:54Z

What happened:

Currently, security scanning jobs fail a PR if any of the project’s dependencies are identified as containing a known vulnerability. This prevents us merging PRs when a vulnerability is found, until the project updates to address that.

What you expected to happen:

PRs should only be blocked if they introduce a security vulnerability, i.e. add a dependency with a known vulnerability.

github-actions · 2024-02-22T00:11:38Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further
activity occurs. Thank you for your contributions.

github-actions · 2024-06-22T00:12:59Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further
activity occurs. Thank you for your contributions.

skitt added the bug Something isn't working label Oct 13, 2023

dfarrell07 self-assigned this Oct 24, 2023

dfarrell07 added the priority:low label Oct 24, 2023

github-actions bot added the stale label Feb 22, 2024

skitt removed the stale label Feb 22, 2024

github-actions bot added the stale label Jun 22, 2024

dfarrell07 removed the stale label Jun 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The security scanning jobs should only fail jobs if the PR adds a security issue #2751

The security scanning jobs should only fail jobs if the PR adds a security issue #2751

skitt commented Oct 13, 2023

github-actions bot commented Feb 22, 2024

github-actions bot commented Jun 22, 2024

The security scanning jobs should only fail jobs if the PR adds a security issue #2751

The security scanning jobs should only fail jobs if the PR adds a security issue #2751

Comments

skitt commented Oct 13, 2023

github-actions bot commented Feb 22, 2024

github-actions bot commented Jun 22, 2024