Configure a vulnerabilities checker
goldbergyoni opened this issue · comments
🎯 Goal: Detect when some code has vulnerabilities or when a developer is fetching a suspicious package
🤔 More info:
- Tools like Snyk and the like can provide an E2E CVE shield free for OSS projects
- Run as part of CI
- Beyond just realizing CVEs (vulnerabilities), they have advanced capabilities of warning/PRs when dependencies are outdated
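The issue asks for two gates in CI: fail the build on known vulnerabilities, and notice when a dependency is fetched from a suspicious place. As an added example (not Practica's code and not Snyk's), the Node script below shows what such a gate looks like when driven by `npm audit --json` output and the project's `package-lock.json`. It assumes the npm v7+ audit report shape (`auditReportVersion: 2` with a `vulnerabilities` map keyed by package name) and a lockfile v2/v3 `packages` map whose entries carry a `resolved` URL; both sample documents are constructed by hand rather than real scan output, and the trusted-registry URL is a parameter you would set to your own registry or mirror.

```javascript
// Added example, not Practica's own code: a CI gate over `npm audit --json`
// output plus a lockfile origin check. Sample inputs are constructed by hand.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Assumption: `auditReport` has the npm v7+ shape (auditReportVersion 2) with a
// `vulnerabilities` object keyed by package name. Returns findings at or above
// `threshold`, most severe first, so the CI log leads with what matters.
function findingsAtOrAbove(auditReport, threshold) {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity threshold: ${threshold}`);
  return Object.values(auditReport.vulnerabilities || {})
    .filter((v) => SEVERITY_RANK[v.severity] >= min)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      // npm reports `fixAvailable` as true/false or as an object describing the fix
      fixAvailable: Boolean(v.fixAvailable),
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

// Lockfile v2/v3 `packages` map: every fetched entry should resolve to the
// registry we trust. Git URLs, tarballs on other hosts, or a missing `resolved`
// field are the "suspicious package" cases worth a human look before merge.
function offRegistryPackages(lockfile, trustedRegistry = "https://registry.npmjs.org/") {
  const flagged = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path === "") continue; // the root project itself, nothing fetched
    if (entry.link) continue; // workspace symlink, not a downloaded package
    const resolved = entry.resolved;
    if (typeof resolved !== "string" || !resolved.startsWith(trustedRegistry)) {
      flagged.push({ path, resolved: resolved || null });
    }
  }
  return flagged;
}

// Combined verdict for the CI step: `pass === false` should map to a non-zero exit.
function ciVerdict(auditReport, lockfile, threshold = "high") {
  const vulns = findingsAtOrAbove(auditReport, threshold);
  const offRegistry = offRegistryPackages(lockfile);
  return { pass: vulns.length === 0 && offRegistry.length === 0, vulns, offRegistry };
}

// Constructed sample audit report (hypothetical package names, not real advisories).
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    "left-pad-ish": { name: "left-pad-ish", severity: "low", isDirect: false, via: ["x"], fixAvailable: true },
    "some-parser": { name: "some-parser", severity: "high", isDirect: true, via: [{ title: "ReDoS" }], fixAvailable: true },
    "old-serializer": { name: "old-serializer", severity: "critical", isDirect: false, via: ["some-parser"], fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 1, total: 3 } },
};

// Constructed sample lockfile: one registry package, one git dependency, one tarball from an unknown host.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/some-parser": { version: "1.2.3", resolved: "https://registry.npmjs.org/some-parser/-/some-parser-1.2.3.tgz" },
    "node_modules/helper-from-git": { version: "0.0.1", resolved: "git+ssh://git@github.com/someone/helper.git#abc123" },
    "node_modules/mirror-dep": { version: "2.0.0", resolved: "https://mirror.example.internal/mirror-dep-2.0.0.tgz" },
  },
};

// In a real pipeline, replace the samples with JSON.parse of `npm audit --json`
// and of package-lock.json, then `process.exit(verdict.pass ? 0 : 1)`.
const verdict = ciVerdict(sampleAudit, sampleLock, "high");
console.log(JSON.stringify(verdict, null, 2));
```

With the sample inputs the verdict fails: two findings at or above `high` (the critical one listed first) and two packages that were not fetched from the trusted registry. The threshold is deliberately a parameter, since a blanket `npm audit` failure on every `low` finding is what teams usually end up ignoring; a hosted tool such as Snyk adds the PR-opening and outdated-dependency workflow the issue mentions on top of this basic gate.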
Would something like Snyk Open Source be what you're thinking of for this item?
Created an organization in Snyk and added this repo:
https://app.snyk.io/org/practica.js/projects
@goldbergyoni Invited you to the organization. Also, I sent an access request for Snyk to the Practica org