Date
11 Dec 2020
Attendees
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
| | Review Security Issues | Team | Review Kanban board |
| | Snyk token | | Snyk has two ways to analyze Maven projects; they have many false positives and false negatives, see the screenshot. On the left a) with julianladisch/raml-module-builder, where a GitHub Action runs Maven and then the Snyk analysis, and on the right b) with folio-org/raml-module-builder, where Snyk directly fetches the pom.xml files. To run the GitHub Actions for a) we need to put the Everyone agrees we should create a folio-org Snyk organization and token. The proof-of-concept (POC) period has ended. Julian Ladisch will try to do this in the coming weeks, including asking DevOps to add the token to the repo. |
| | Safe harbor, policies | | Safe Harbor Statement / Acceptable Use Policy: still no activity/movement |
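The following workflow is an added example of approach a) from the Snyk discussion above: build the module with Maven on a GitHub Actions runner, then let the Snyk CLI analyze the dependency tree that Maven actually resolved, with the Snyk token supplied as a repository secret rather than committed to the repo. It is not the workflow used in julianladisch/raml-module-builder or folio-org/raml-module-builder; the secret name `SNYK_TOKEN`, the Java version, the `master` branch name and the `folio-org` Snyk organization slug are assumptions.

```yaml
# Added example, not the project's own workflow.
# Assumptions: a repository secret named SNYK_TOKEN (the environment variable
# the Snyk CLI reads), Java 11, default branch "master", Snyk org slug "folio-org".
name: snyk

on:
  push:
    branches: [master]
  schedule:
    - cron: '17 4 * * 1'   # weekly re-scan so newly published advisories are picked up

permissions:
  contents: read            # the job only needs to read the source tree

jobs:
  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - uses: actions/setup-java@v3
        with:
          distribution: temurin
          java-version: '11'
          cache: maven

      # Build first so that inter-module dependencies of a multi-module
      # project resolve when Snyk asks Maven for the dependency tree.
      - name: Build
        run: mvn -B -DskipTests install

      - name: Install Snyk CLI
        run: npm install -g snyk

      # The token comes from the repository (or organization) secret that
      # DevOps adds; it is never written into the workflow file or the logs.
      - name: Snyk test
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: snyk test --all-projects --severity-threshold=high

      # Upload the resolved dependency tree to the Snyk organization so the
      # dashboard reflects what Maven builds rather than the raw pom.xml.
      - name: Snyk monitor
        if: github.ref == 'refs/heads/master'
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: snyk monitor --all-projects --org=folio-org
```

Two caveats for a public repository: GitHub does not expose repository secrets to `pull_request` runs triggered from forks, so a Snyk step that needs the token cannot be the gate for fork pull requests (hence the `push` and `schedule` triggers above), and the token should belong to a service account in the folio-org Snyk organization so it can be rotated without affecting any individual's account.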