Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add dependabot for monitoring Go and GitHub Actions dependencies #19

Merged
merged 1 commit into from May 30, 2022
Merged

feat: add dependabot for monitoring Go and GitHub Actions dependencies #19

merged 1 commit into from May 30, 2022

Conversation

rdimitrov
Copy link
Contributor

The following PR adds Dependabot to the go-securesystemslib project for monitoring its Go and GitHub Actions dependencies.

It has been motivated by the recent vulnerability found in gopkg.in/yaml.v3 v3.0.0 which got flagged in go-tuf. Upon further debugging it was found to be a transitive dependency from github.com/stretchr/testify.

Signed-off-by: Radoslav Dimitrov dimitrovr@vmware.com

@rdimitrov
feat: add dependabot for monitoring Go and GitHub Actions dependencies
aec78b7 
Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
@coveralls
Copy link

coveralls commented May 30, 2022
edited

Pull Request Test Coverage Report for Build 2410117709

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 94.068%
Totals Coverage Status
Change from base Build 2409359612: 0.0%
Covered Lines: 222
Relevant Lines: 236
💛 - Coveralls

@adityasaky adityasaky merged commit ca1f07d into secure-systems-lab:main May 30, 2022
@adityasaky
Copy link
Member

Thanks, @rdimitrov!

@rdimitrov rdimitrov deleted the dimitrovr/add-dependabot branch May 30, 2022 21:00
adityasaky added a commit to adityasaky/in-toto-golang that referenced this pull request Jun 1, 2022
@adityasaky
Enable dependabot for Go Mod and GitHub Actions
7578b5c 
Inspired by
secure-systems-lab/go-securesystemslib#19 by
@rdimitrov

Signed-off-by: Aditya Sirish <aditya@saky.in>
@adityasaky adityasaky mentioned this pull request Jun 1, 2022
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rdimitrov @coveralls @adityasaky