Is your feature request related to a problem? Please describe.
As a project we need to be consistently evaluating existing dependencies as well as new dependencies as they arise. This is part of being a mature project that needs to have strong security practices.
On top of this we need to ensure dependencies are kept up to date to ensure we have all security fixes from our dependencies.
Describe the solution you'd like
An additional PR check that evaluates dependencies using https://github.com/ossf/scorecard and blocks dependencies below a threshold
Automation to PR dependency updates (something like dependabot/renovate)
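One way the proposed PR check could gate on Scorecard results, as an added example that is not part of the original issue or the project's own code. It assumes a threshold of 5.0 (the issue names none), that dependencies are already resolved to repository names, and that results are in Scorecard's JSON output, one object per line; the repositories and scores are constructed sample data.

```python
"""Block a PR when a newly added dependency scores below a Scorecard threshold."""
import json
import sys

MIN_SCORE = 5.0  # assumed threshold; the issue does not specify one

# Constructed sample input: Scorecard JSON results, one object per line.
SAMPLE_RESULTS = "\n".join([
    '{"repo": {"name": "github.com/example/goodlib"}, "score": 8.1}',
    '{"repo": {"name": "github.com/example/weaklib"}, "score": 3.4}',
])
# Constructed dependency lists for the PR's base and head revisions.
BASE_DEPS = ["github.com/example/oldlib"]
HEAD_DEPS = BASE_DEPS + [
    "github.com/example/goodlib",
    "github.com/example/weaklib",
    "github.com/example/unknownlib",
]


def load_results(json_lines):
    """Index Scorecard results by repository name."""
    results = {}
    for line in json_lines.splitlines():
        if line.strip():
            doc = json.loads(line)
            results[doc["repo"]["name"]] = doc
    return results


def gate(base_deps, head_deps, results, min_score=MIN_SCORE):
    """Return {repo: reason} for each added dependency that should block the PR."""
    blocked = {}
    for repo in sorted(set(head_deps) - set(base_deps)):  # only what the PR adds
        doc = results.get(repo)
        if doc is None:
            # No result is not a pass: fail closed so unscored code cannot slip in.
            blocked[repo] = "no Scorecard result (fail closed)"
        elif doc.get("score", -1) < 0:
            blocked[repo] = "aggregate score inconclusive"
        elif doc["score"] < min_score:
            blocked[repo] = f"score {doc['score']} below threshold {min_score}"
    return blocked


if __name__ == "__main__":
    failures = gate(BASE_DEPS, HEAD_DEPS, load_results(SAMPLE_RESULTS))
    for repo, reason in failures.items():
        print(f"BLOCK {repo}: {reason}")
    sys.exit(1 if failures else 0)  # non-zero exit fails the PR check
```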