build: Snyk test/monitor for web3-react + exclude workspace unmet deps #835

Merged
merged 10 commits into from
Jul 6, 2023

Conversation

pwnslinger
Contributor

@pwnslinger pwnslinger commented Jun 23, 2023

Description

  • Integrating Snyk test/monitor for web3-react
  • Excluding the workspace's unmet dependencies, as Lerna is used for monorepo management and the web3-react component is included as a dependency of other projects, e.g., CoinbaseWallet, etc.

Tasks

  • exclude packages and examples workspaces sub-directories using Snyk ignore/exclude policies
    • uses Lerna for managing monorepo and Yarn workspaces
  • Fail the pipeline even in case there’s an unpatchable vulnerability in one of the packages
  • Keep Snyk snapshot in sync with CLI using the monitor

@pwnslinger pwnslinger self-assigned this Jun 23, 2023
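
The three tasks in the description map onto a CI job like the following. This is an added sketch, not the `snyk_sca_scan.yml` merged in this PR. The workflow name, the `SNYK_TOKEN` secret name, the Node version and the install steps are assumptions; the excluded directory names come from the task list.

```yaml
# Added illustration; not the repository's .github/workflows/snyk_sca_scan.yml.
name: snyk-sca-scan              # hypothetical workflow name
on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read                 # the scan only needs to read the checkout

jobs:
  snyk:
    runs-on: ubuntu-latest
    env:
      # Assumed secret name. Secrets are not exposed to pull requests from
      # forks, so the scan cannot authenticate on those runs.
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 18       # assumed Node version
      # Install from the lockfile so the scanned tree matches what ships.
      - run: yarn install --frozen-lockfile
      - run: npm install -g snyk

      # Task 1: scan detected manifests but skip the workspace
      # sub-directories named in the PR description.
      # Task 2: --fail-on is deliberately absent. That option limits failures
      # to findings that have an upgrade or patch; without it, snyk test
      # exits non-zero for any vulnerability, including unfixable ones.
      - name: Snyk test (gates the pipeline)
        run: snyk test --all-projects --exclude=packages,examples

      # Task 3: upload a snapshot so the Snyk project stays in sync with what
      # the CLI scanned. Restricted to pushes on main so pull-request runs do
      # not overwrite the monitored state.
      - name: Snyk monitor
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: snyk monitor --all-projects --exclude=packages,examples
```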

vercel bot commented Jun 23, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
web3-react ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 6, 2023 6:09pm

@AndrewMohawk AndrewMohawk changed the title Snyk test/monitor for web3-react + exclude workspace unmet deps Build: Snyk test/monitor for web3-react + exclude workspace unmet deps Jun 23, 2023
@zzmp zzmp changed the title Build: Snyk test/monitor for web3-react + exclude workspace unmet deps build: Snyk test/monitor for web3-react + exclude workspace unmet deps Jun 23, 2023
Co-authored-by: Zach Pomerantz <[email protected]>
Contributor Author

@pwnslinger pwnslinger left a comment

Applied the comments/suggestions. For @zzmp to finalize his review and merge the PR.

@pwnslinger pwnslinger merged commit 2aae4f1 into main Jul 6, 2023
6 checks passed
@pwnslinger pwnslinger deleted the feat/snyk-scan branch July 6, 2023 18:19