This PR introduces a CI job to periodically scan the OpenVDB repository
for security vulernatiblities. This CI job requires coordination with
John Mertic (@jmertic) and/or the OpenVDB maintainers to add both the
SNYK_ORG and SNYK_TOKEN GitHub secrets to the GitHub configuration.
Once these serets are added, then this PR can be merged with the
appropriate review/approvals. The Snyk tool can be run on the command
line at any time using:
snyk auth ${SNYK_TOKEN}
Your account has been authenticated. Snyk is now ready to be used.
snyk test --unmanaged --org=${SNYK_ORG}
Testing /Users/ddeal/projects/go/src/github.com/dealako/openvdb...
Tested 1 dependency for known issues, found 0 issues.
snyk monitor --unmanaged --org=${SNYK_ORG}
Monitoring /Users/ddeal/projects/go/src/github.com/dealako/openvdb (openvdb)...
Explore this snapshot at https://app.snyk.io/...
Notifications about newly disclosed issues related to these dependencies will be emailed to you.
Contact John Mertic (@jmertic) to access the above secrets or to gain
access to the Snyk console.
This PR introduces a CI job to periodically scan the OpenVDB repository for security vulernatiblities. This CI job requires coordination with John Mertic (@jmertic) and/or the OpenVDB maintainers to add both the
SNYK_ORG
andSNYK_TOKEN
GitHub secrets to the GitHub configuration. Once these serets are added, then this PR can be merged with the appropriate review/approvals. The Snyk tool can be run on the command line at any time using:Contact John Mertic (@jmertic) to access the above secrets or to gain access to the Snyk console.
Signed-off-by: David Deal ddeal@linuxfoundation.org