Project

General

Profile

Support #21310

Requirements to have security alerts related GlideinWMS dependencies in GitHub repository

Added by Lorena Lobato Pardavila 11 months ago. Updated about 6 hours ago.

Status:
New
Priority:
Normal
Assignee:
Lorena Lobato Pardavila
Category:
-
Target version:
v3_5_2
Start date:
11/05/2018
Due date:
% Done:

0%

Estimated time:
Stakeholders:
Duration:

Description

During the WMP meeting, security alerts in GitHub1 have been discussed. There is an option of having a dependency graph and security alerts enabled in the repository, which checks all listed dependencies and checks reports (ex:[2]). This way, we’d be notified when a vulnerability is detected in any of the GlideinWMS project dependencies and even it would suggest known fixes from other experiences reported in GitHub community.

We'd need to have the file that gathers all the requirements[3 ] to get vital vulnerability information to GlideinWMS project. An example of something similar would be [4].

[1]https://blog.github.com/2017-11-16-introducing-security-alerts-on-github/
[2]https://github.com/dmwm/WMCore/network/dependencies
[3]https://help.github.com/articles/listing-the-packages-that-a-repository-depends-on/
[4]https://github.com/dmwm/WMCore/pull/8880/files#diff-b4ef698db8ca845e5845c4618278f29a

History

#1 Updated by Lorena Lobato Pardavila 10 months ago

  • Assignee set to Lorena Lobato Pardavila

#2 Updated by Lorena Lobato Pardavila about 1 month ago

  • Target version changed from v3_5_1 to v3_5_2

Also available in: Atom PDF