<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:11:52 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-1240] Ensure that devs have access to GH security alerts for their repos</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-1240</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;There is a tool that can check if any software in a npm dependency tree has known vulnerabilities. Could we incorporate this into our CI workflow so we&apos;ll receive notification when our package.json would lead to installation of questionable software?&lt;/p&gt;

&lt;p&gt;The alerts apply for all repos that have a package.json JavaScript or Gemfile Ruby.&lt;/p&gt;</description>
                <environment></environment>
        <key id="80349">FOLIO-1240</key>
            <summary>Ensure that devs have access to GH security alerts for their repos</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="61cd0ca0bce5e00069e98be7">David Crossley</assignee>
                                                                <reporter accountid="5d1cd1e35e43080ce8bf881f">Jason Skomorowski</reporter>
                                    <labels>
                    </labels>
                <created>Sat, 15 Jul 2017 01:16:21 +0000</created>
                <updated>Thu, 13 Dec 2018 05:30:49 +0000</updated>
                            <resolved>Fri, 4 May 2018 03:29:25 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>4</watches>
                                                    <timespent seconds="26100">7 hours, 15 minutes</timespent>
                                <comments>
                                                            <comment id="188876" author="5d1cd1e35e43080ce8bf881f" created="Sat, 15 Jul 2017 01:16:56 +0000"  >&lt;p&gt;LOL the security bug got the HTTPS port for a number. I am very easily amused.&lt;/p&gt;</comment>
                                                            <comment id="188880" author="5d1cd1e35e43080ce8bf881f" created="Fri, 17 Nov 2017 13:45:04 +0000"  >&lt;p&gt;I wonder if this obviates the need for this? It seems like it&apos;d be doing a similar thing / perhaps is even based on it?&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/blog/2470-introducing-security-alerts-on-github&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/blog/2470-introducing-security-alerts-on-github&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="188886" author="5f9abc1eb45b2e007453f423" created="Tue, 1 May 2018 17:23:30 +0000"  >&lt;p&gt;Yeah I think the Github Security alerts supercede this.  We have them enabled on all repositories, however, I&apos;m not sure they are visible to those who need to know about them.   Assigning to &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=61cd0ca0bce5e00069e98be7&quot; class=&quot;user-hover&quot; rel=&quot;61cd0ca0bce5e00069e98be7&quot; data-account-id=&quot;61cd0ca0bce5e00069e98be7&quot; accountid=&quot;61cd0ca0bce5e00069e98be7&quot; rel=&quot;noreferrer&quot;&gt;David Crossley&lt;/a&gt; to investigate. &lt;/p&gt;</comment>
                                                            <comment id="188887" author="61cd0ca0bce5e00069e98be7" created="Thu, 3 May 2018 02:26:33 +0000"  >&lt;p&gt;It is wider that just Stripes, so i moved this issue to the general FOLIO Jira project.&lt;br/&gt;
(Sorry about your beaut issue number Jason.)&lt;/p&gt;</comment>
                                                            <comment id="188888" author="61cd0ca0bce5e00069e98be7" created="Thu, 3 May 2018 03:05:53 +0000"  >&lt;p&gt;The notifications currently only go to admins. So i will visit each relevant repository to configure it.&lt;/p&gt;

&lt;p&gt;After that people with such access will receive the notifications and see them under &quot;Insights : Dependency graph&quot;.&lt;/p&gt;</comment>
                                                            <comment id="188889" author="61cd0ca0bce5e00069e98be7" created="Fri, 4 May 2018 03:29:25 +0000"  >&lt;p&gt;Done.&lt;/p&gt;</comment>
                                                            <comment id="188890" author="61cd0ca0bce5e00069e98be7" created="Thu, 13 Dec 2018 05:30:49 +0000"  >&lt;p&gt;Now finished revisiting all repositories to enable teams to be aware of vulnerability alerts.&lt;/p&gt;

&lt;p&gt;If there is one, you will now see it on the home page and the dependency graph, and can configure how notifications are received.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzxr6v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 1 May 2018 17:23:30 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>