GSA-TTS / tts-tech-operations

TTS Technology Operations
https://handbook.tts.gsa.gov/tech-operations/

As [everyone], I don't want security vulnerabilities from out-of-date dependencies #17

Closed afeld closed 5 years ago

afeld commented 5 years ago

We need to ensure that software packages with known vulnerabilities are updated in a timely manner. In the two days since I got added as a GitHub owner yesterday, I have gotten 33 "One of your dependencies has a security vulnerability" emails from GitHub 🙀

afeld commented 5 years ago

Ha, totally forgot I pitched a 10x project around this.

afeld commented 5 years ago

Unfortunately, not seeing an API/setting to enable automated security fixes en masse. Emailed GitHub Support about it. Could maybe click through with Puppeteer in the meantime.

afeld commented 5 years ago

From GitHub Support:

You're in luck—the Enable automated security fixes and Disable automated security fixes API endpoints are currently available for developers to preview.

In addition, the enable-security-alerts-for-org.js script in the github/enable-security-alerts-sample repository can be used to enable security vulnerability alerts in all of the repositories in a given organization.
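The org-wide rollout discussed in this thread, as an added example that is not part of the original comments and is not code from ghad or github/enable-security-alerts-sample. It assumes the current REST paths `PUT /repos/{owner}/{repo}/vulnerability-alerts` and `PUT /repos/{owner}/{repo}/automated-security-fixes`; the function names, the `example-org` organization and the sample repositories are constructed for illustration.

```javascript
const API = "https://api.github.com";

// Constructed sample of what `GET /orgs/{org}/repos` returns (only the fields used here).
const SAMPLE_REPOS = [
  { full_name: "example-org/site", archived: false },
  { full_name: "example-org/old-prototype", archived: true },
  { full_name: "example-org/api", archived: false },
];

// Turn one page of repository objects into the ordered REST calls to make.
function planSecurityCalls(repos) {
  const calls = [];
  const skipped = [];
  for (const repo of repos) {
    if (repo.archived) { // archived repositories are read-only, so settings cannot change
      skipped.push(repo.full_name);
      continue;
    }
    const base = `/repos/${repo.full_name}`;
    // Alerts first: automated security fixes are pull requests raised from alerts.
    calls.push({ method: "PUT", path: `${base}/vulnerability-alerts` });
    calls.push({ method: "PUT", path: `${base}/automated-security-fixes` });
  }
  return { calls, skipped };
}

// Walk every page of the organization's repositories and apply the plan.
// `send` is injectable (fetch-compatible) so the loop can be exercised offline.
async function enableForOrg(org, token, send = fetch) {
  const headers = { Authorization: `Bearer ${token}`, Accept: "application/vnd.github+json" };
  const failures = [];
  for (let page = 1; ; page++) {
    const url = `${API}/orgs/${encodeURIComponent(org)}/repos?per_page=100&page=${page}`;
    const res = await send(url, { headers });
    if (!res.ok) throw new Error(`listing repositories failed: HTTP ${res.status}`);
    const repos = await res.json();
    if (repos.length === 0) break; // an empty page means the listing is exhausted
    for (const call of planSecurityCalls(repos).calls) {
      const r = await send(API + call.path, { method: call.method, headers });
      if (!r.ok) failures.push({ ...call, status: r.status }); // keep going, report at the end
    }
  }
  return failures; // an empty array means every non-archived repository was updated
}
```

The token needs admin access to each repository; reviewing the returned `failures` list shows which repositories still lack the settings.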

afeld commented 5 years ago

Announcement letter for TTS.

afeld commented 5 years ago

Archived 18F repositories

Will be going through and unarchiving ones I know to be in use, and as requested by TTS.

afeld commented 5 years ago

Proposal to make the letter a blog post: https://github.com/18F/blog-drafts/issues/743

afeld commented 5 years ago

Done! Open issues / pull requests are linked.

afeld commented 5 years ago

Code for this lives in ghad.