FlexMeasures / flexmeasures

The intelligent & developer-friendly EMS to support real-time energy flexibility apps, rapidly and scalable.
https://flexmeasures.io
Apache License 2.0

Rename dependency files for Snyk to recognize them #878

Open nhoening opened 10 months ago

nhoening commented 10 months ago

Within the LFX Security service, Snyk is attempting to scan security risks in this repo.

Snyk uses the pattern **/*req*.txt to find requirements files, and it can't seem to be coerced to try anything else.

I guess if we rename our dependency files from (for example) app.txt to app-requirements.txt, then Snyk finds them after all. We don't need a Snyk account for LFX Security, but we could try out locally with the Snyk CLI if the naming is actually the culprit (and if renaming solves it). For that, we probably should make an account.

We might need to follow up with the renaming in a couple of other places, of course, like the Dockerfile or other CI-related things.
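An added check (not part of the issue or of FlexMeasures) that applies Snyk's quoted discovery glob `**/*req*.txt` to a file listing, proposes the `app.txt` -> `app-requirements.txt` style renames, and flags lines (e.g. in a Dockerfile) that still reference the old names; the file listing and Dockerfile fragment are constructed samples, only `app.txt` is named in the issue.

```python
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Snyk's discovery glob as quoted in the issue: any depth, basename contains "req", ends in ".txt".
SNYK_REQUIREMENTS_GLOB = "**/*req*.txt"


def snyk_would_find(path: str) -> bool:
    """True if Snyk's `**/*req*.txt` pattern would pick up this file.

    `**/` matches any directory depth (including none), so only the basename matters.
    """
    basename_pattern = SNYK_REQUIREMENTS_GLOB.split("/")[-1]  # "*req*.txt"
    return fnmatchcase(PurePosixPath(path).name, basename_pattern)


def plan_renames(paths):
    """Map each unmatched .txt dependency file to a name Snyk would find (app.txt -> app-requirements.txt)."""
    renames = {}
    for p in paths:
        if p.endswith(".txt") and not snyk_would_find(p):
            pp = PurePosixPath(p)
            renames[p] = str(pp.with_name(f"{pp.stem}-requirements.txt"))
    return renames


def references_to_update(text: str, renames):
    """Return (line_no, old_path) for lines that still mention a renamed file, e.g. in a Dockerfile."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for old in renames:
            if PurePosixPath(old).name in line:
                hits.append((no, old))
    return hits


# Constructed sample repo listing (only app.txt is named in the issue; the others are hypothetical).
SAMPLE_FILES = ["requirements/app.txt", "requirements/dev.txt", "requirements/test.txt", "README.md"]

# Constructed Dockerfile fragment, not the project's real one.
SAMPLE_DOCKERFILE = """FROM python:3.10
COPY requirements/app.txt /app/requirements/app.txt
RUN pip install -r requirements/app.txt
"""

if __name__ == "__main__":
    renames = plan_renames(SAMPLE_FILES)
    for old, new in renames.items():
        print(f"git mv {old} {new}")
    for no, old in references_to_update(SAMPLE_DOCKERFILE, renames):
        print(f"Dockerfile:{no} still references {old}")
```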

nhoening commented 9 months ago

Our LFX Security dashboard: https://security.lfx.linuxfoundation.org/#/a092M00001LkH4sQAF/overview

A ticket I created to state what I did and how they can help us: https://jira.linuxfoundation.org/plugins/servlet/desk/portal/4/SUPPORT-22038