Integrate Snyk into CI #897

prusnak · 2019-12-10T10:52:38Z

Evaluate the usage of https://snyk.io/

We already use GitHub Security Alerts, but the more the merrier :-)

mroz22 · 2019-12-10T18:03:04Z

And yarn audit could push us even furtherer :D

matejzak · 2021-09-02T16:49:50Z

@matejkriz Please evaluate. Thanks!

matejkriz · 2021-09-14T12:17:04Z

It would be very nice to have it, it could save us from potential security issues.

The integration could be pretty easy, but setup process to benefit from it could be harder. And the fees are pretty high.

I believe it's worth to test if for a month or so.

mroz22 · 2024-07-16T12:55:45Z

isn't this obsolete with advent of socket.dev?

prusnak added the enhancement label Dec 10, 2019

ZdenekSL changed the title ~~Evaluate usage of Snyk~~ Integrate Snyk into CI Dec 12, 2019

ZdenekSL added the W3 label Dec 12, 2019

mroz22 mentioned this issue Dec 15, 2019

add lighthouse security audits test #943

Merged

vladimirvolek added this to the 2Q2020 milestone Jan 8, 2020

matejzak removed the W3 label Jan 22, 2020

matejzak removed the enhancement label Apr 1, 2020

matejzak removed this from the 3Q2020 milestone Oct 23, 2020

matejzak assigned matejkriz Sep 2, 2021

matejzak modified the milestone: Backlog Sep 2, 2021

matejkriz added the LOW label Sep 14, 2021

hynek-jina added the code Code improvements label Dec 10, 2021

hynek-jina added this to Issues Suite May 16, 2022

hynek-jina removed the LOW label Jun 8, 2022

matejkriz removed their assignment Jan 3, 2024

Provide feedback