[FOLIO-3709] Review what's tracked (or not) by Snyk Created: 15/Feb/23  Updated: 07/Sep/23  Resolved: 30/Mar/23

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Story Priority: P3
Reporter: Craig McNally Assignee: Skott Klebe
Resolution: Done Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-3622 Snyk Developer Security Platform Open
Sprint:
Development Team: None
RCA Group: TBD

 Description   

Overview

The current state of Snyk is not as organized as we'd like. It's worth spending some time looking into what can/should be added or removed.

Scope

  • Assess if there are any repositories being scanned which shouldn't be (personal forks, repos in other organizations, etc.)
  • Assess if there are any folio-org repositories which should be scanned which currently aren't.

Acceptance Criteria

  • A list of suggested adjustments is shared with and reviewed with the Security Team

Links



 Comments   
Comment by Julian Ladisch [ 16/Feb/23 ]

Assess if there are any folio-org repositories which should be scanned which currently aren't.

This is covered by https://folio-org.atlassian.net/wiki/display/SEC/Snyk#Snyk-Importallfolio-org

Comment by Julian Ladisch [ 23/Mar/23 ]

Assess if there are any repositories being scanned which shouldn't be (personal forks, repos in other organizations, etc.)

This is covered by https://folio-org.atlassian.net/wiki/display/SEC/Snyk#Snyk-Importothers since December 1st, 2022.

Generated at Thu Feb 08 23:30:07 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.