codehaus


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Configuring/sharing Airflow github repo security alerts


Thanks Feng for the suggestion. Just file
https://issues.apache.org/jira/browse/INFRA-17470.

On Tue, Dec 18, 2018 at 6:25 PM Feng Lu <fenglu@xxxxxxxxxx.invalid> wrote:

> Cool, thank you Ash. Kindly let us know when you have opened the INFRA jira
> ticket.
>
> On Tue, Dec 18, 2018 at 2:21 AM Ash Berlin-Taylor <ash@xxxxxxxxxxxxxx>
> wrote:
>
> > We're not admins of the repo - only the ASF Infra team are, so we'll
> > have to open an ticket against the INFRA queue in jira asking for this
> >
> > (I haven't done this. Not on large device right now)
> >
> > -a
> >
> > Feng Lu wrote on 18/12/2018 08:01:
> > > Hi all,
> > >
> > > Looks like GitHub now adds a new "Security Alert" feature
> > > <
> >
> https://help.github.com/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository/
> > >
> > > for tracking dependency CVEs, unfortunately I couldn't find it in
> Airflow
> > > repo. <https://github.com/apache/incubator-airflow/pulse> So if it
> makes
> > > sense to the community, could Airflow repo admin (assume it means PMC
> > > members ;p) help to enable the alert feature and make it publicly
> > > available?
> > >
> > > Happy to take a stab myself if I have the access permission.
> > > Thanks.
> > >
> > > Feng
> > >
> >
> >
>