
Provide assistance to users attempting to resolve vulnerable dependencies #195

Open · bigdaz (Member) opened this issue Apr 23, 2024 · 0 comments
bigdaz commented Apr 23, 2024

Because all dependencies are assigned to the settings.gradle.kts file, it can be difficult for users to work out how to fix vulnerable dependencies. (Attributing to a particular project would help a bit, but not entirely).

We could provide more assistance to users:

  • Add a central documentation page focussed on "understanding the GitHub Dependency Graph for your Gradle project"
    • This page should be succinct and point users to other, more complete documentation where necessary.
    • Top level, mention enabling Build Scans and running with debug logging.
  • Link to this documentation in the generated Job Summary

Although another report with full dependency information could be helpful, I think we already provide a sufficient mechanism via Build Scans, debug logging and existing Gradle dependency tasks. But these need to be more discoverable.
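The mechanisms the comment refers to (Gradle's dependency tasks, Build Scans, debug logging) are enough to trace a flagged coordinate back to the project and configuration that pull it in and to fix it, but the steps are scattered. The following build.gradle.kts fragment is an added example and not code from this issue or from the plugin; the coordinates com.example:app-framework and com.example:transitive-lib, the versions 1.4.0 and 1.4.2, and the "vulnerable" status of 1.4.0 are all assumptions made for illustration. It shows the two places a practitioner usually needs: a dependency constraint that upgrades the transitive module wherever it resolves, and a resolution rule that rewrites any remaining request for the old version, with the Gradle commands used to locate and verify the fix in the comments.

```kotlin
// build.gradle.kts (example only; not part of the plugin or this issue)
//
// 1. Find out who pulls the flagged coordinate in. Because the Dependency Graph
//    submission attributes everything to settings.gradle.kts, run Gradle's own
//    insight task per project and configuration, e.g.
//      ./gradlew :app:dependencyInsight --dependency transitive-lib --configuration runtimeClasspath
//    Add --scan for a Build Scan with the full resolved graph, or -d (--debug)
//    for verbose resolution logging.
//
// 2. Fix the resolved version below, then re-run dependencyInsight to confirm
//    the selection reason now reads the constraint's `because` text.

plugins {
    `java-library`
}

repositories {
    mavenCentral()
}

// Assumed: com.example:transitive-lib 1.4.0 was reported as vulnerable and
// 1.4.2 is the fixed release. Both coordinates are hypothetical.
val vulnerableGroup = "com.example"
val vulnerableModule = "transitive-lib"
val vulnerableVersion = "1.4.0"
val fixedVersion = "1.4.2"

dependencies {
    // Hypothetical direct dependency that transitively brings in transitive-lib 1.4.0.
    implementation("com.example:app-framework:2.0.0")

    constraints {
        // A constraint raises the transitive version for every configuration that
        // extends `implementation` (compileClasspath, runtimeClasspath, test*, ...)
        // without declaring transitive-lib as a direct dependency.
        implementation("$vulnerableGroup:$vulnerableModule") {
            version { require(fixedVersion) }
            because("assumed vulnerable $vulnerableVersion reported by the GitHub Dependency Graph; fixed in $fixedVersion")
        }
    }
}

// Belt and braces: if some configuration still requests the vulnerable version
// (for example a buildscript or a custom configuration that does not extend
// `implementation`), rewrite the request so the old version can never resolve.
configurations.all {
    resolutionStrategy.eachDependency {
        if (requested.group == vulnerableGroup &&
            requested.name == vulnerableModule &&
            requested.version == vulnerableVersion
        ) {
            useVersion(fixedVersion)
            because("forced off assumed vulnerable $vulnerableVersion")
        }
    }
}
```

After applying the change, `./gradlew dependencyInsight --dependency transitive-lib --configuration runtimeClasspath` should list the fixed version with the `because` reason attached, and the next Dependency Graph submission from CI will report the upgraded coordinate. Prefer the constraint over the resolution rule where possible: it is visible in dependency reports and Build Scans as a declared constraint, whereas `eachDependency` rewrites are easy to overlook during review.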
