Project

General

Profile

Support #21310

Requirements to have security alerts related GlideinWMS dependencies in GitHub repository

Added by Lorena Lobato Pardavila about 1 year ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
11/05/2018
Due date:
% Done:

0%

Estimated time:
Stakeholders:
Duration:

Description

During the WMP meeting, security alerts in GitHub1 have been discussed. There is an option of having a dependency graph and security alerts enabled in the repository, which checks all listed dependencies and checks reports (ex:[2]). This way, we’d be notified when a vulnerability is detected in any of the GlideinWMS project dependencies and even it would suggest known fixes from other experiences reported in GitHub community.

We'd need to have the file that gathers all the requirements[3 ] to get vital vulnerability information to GlideinWMS project. An example of something similar would be [4].

[1]https://blog.github.com/2017-11-16-introducing-security-alerts-on-github/
[2]https://github.com/dmwm/WMCore/network/dependencies
[3]https://help.github.com/articles/listing-the-packages-that-a-repository-depends-on/
[4]https://github.com/dmwm/WMCore/pull/8880/files#diff-b4ef698db8ca845e5845c4618278f29a

History

#1 Updated by Lorena Lobato Pardavila about 1 year ago

  • Assignee set to Lorena Lobato Pardavila

#2 Updated by Lorena Lobato Pardavila 3 months ago

  • Target version changed from v3_5_1 to v3_6_1

#3 Updated by Marco Mambelli about 2 months ago

  • Target version changed from v3_6_1 to v3_6_2

#4 Updated by Lorena Lobato Pardavila about 1 month ago

  • Assignee deleted (Lorena Lobato Pardavila)


Also available in: Atom PDF