Rename dependency files for Snyk to recognize them #878
Comments
|
Our LFX Security dashboard: https://security.lfx.linuxfoundation.org/#/a092M00001LkH4sQAF/overview A ticket I created to state what I did and how they can help us: https://jira.linuxfoundation.org/plugins/servlet/desk/portal/4/SUPPORT-22038 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Within the LFX Security service, Snyk is attempting to scan security risks in this repo.
Snyk uses the pattern
**/*req*.txtto find requirements files, and it can't seem to be coerced to try anything else.I guess if we rename our dependency files from (for example) app.txt to app-requirements.txt, then Snyk finds them after all.
We don't need a Snyk account for LFX Security, but we could try out locally with the Snyl CLI if the naming is actually the culprit (and if renaming solves it). For that, we probably should make an account.
We might need to follow up with the renaming in a couple of other places, of course, like the Dockerfile or other CI-related things.
The text was updated successfully, but these errors were encountered: