Skip to content
This repository was archived by the owner on Sep 3, 2022. It is now read-only.

Snyk#93

Merged
f2prateek merged 1 commit intomasterfrom
snyk
Jul 2, 2018
Merged

Snyk#93
f2prateek merged 1 commit intomasterfrom
snyk

Conversation

@f2prateek
Copy link
Copy Markdown
Contributor

@f2prateek f2prateek commented Jul 2, 2018
edited
Loading

Snyk monitors for vulnerable dependencies and notifies us if any were to be found.

This fails the build if any high priority vulnerabilities are found in analytics.js-core.

It runs as a seperate CI job to speed up builds. To reduce the copy paste between the different jobs, I moved the common bits into a defaults section that is shared between the jobs.

@codecov-io
Copy link
Copy Markdown

codecov-io commented Jul 2, 2018
edited
Loading

Codecov Report

Merging #93 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master      #93   +/-   ##
=======================================
  Coverage   98.58%   98.58%           
=======================================
  Files          11       11           
  Lines         636      636           
=======================================
  Hits          627      627           
  Misses          9        9

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 39f8e57...aed448d. Read the comment docs.

@f2prateek f2prateek requested review from fathyb and leifdreizler July 2, 2018 17:25
leifdreizler
leifdreizler reviewed Jul 2, 2018
View reviewed changes
.circleci/config.yml Outdated
steps:
- checkout
- attach_workspace: { at: . }
- run: yarn run snyk test --severity-threshold=high --org=segment-pro
Copy link
Copy Markdown

@leifdreizler leifdreizler Jul 2, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When using the snyk auth token that gets pulled in by context: snyk you shouldn't need to specify a --org. If you remove this and look at the tests you should still see Organisation: segment-pro in the snyk test and snyk monitor in CI.

Copy link
Copy Markdown
Contributor Author

@f2prateek f2prateek Jul 2, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated!

@f2prateek
Setup Snyk
aed448d 
Snyk monitors for vulnerable dependencies and notifies us if any were to be found.

This fails the build if any high priority vulnerabilities are found in analytics.js-core.

It runs as a seperate CI job to speed up builds. To reduce the copy paste between the different jobs, I moved the common bits into a defaults section that is shared between the jobs.
@f2prateek f2prateek merged commit f3d9eaa into master Jul 2, 2018
@f2prateek f2prateek deleted the snyk branch July 2, 2018 18:06
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@leifdreizler leifdreizler leifdreizler approved these changes

@fathyb fathyb fathyb approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@f2prateek @codecov-io @leifdreizler @fathyb