A GitHub App built with Probot that Probot App that posts GitHub Statuses Checks based on security vulnerabilities
Install the app at: https://github.com/apps/vulnerability-pr-checks
- The app is by default ignoring dismissed vulnerabilities. This is an internal variable that soon needs to be a configuration on the
.github
folder. - GitHub Security Vulnerability alerts are only indexed on the
master
branch, this means that when checking for active vulnerabilities, the app is actually only checking master. This means that if the developer acts on the vulnerabilities on the branch, the results won't change. It's recommended if using the app, that security vulnerabilities are changed on another PR and merged before the current branch under analysis. Hoping one day all the branches are indexed, but this is the reality today. - I was lazy with the tests, sorry.
Check instructions at: https://probot.github.io/docs/deployment/
# Install dependencies
npm install
# Run the bot
npm start
If you have suggestions for how vulnerability-pr-checks
could be improved, or want to report a bug, open an issue! We'd love all and any contributions.
For more, check out the Contributing Guide.
ISC © 2019 Vitor Monteiro [email protected] (https://github.com/bitoiu)