RSE-Sheffield / RSEAdmin

A Resource Allocation and Finance tool for RSE Groups
https://rseadmin.readthedocs.io/en/latest/
MIT License

Enable periodic checking of dependencies for vuln Python packages #153

Closed willfurnass closed 3 years ago

willfurnass commented 3 years ago

Dependabot doesn't seem to be working for this repo!

Could enable periodic checks with e.g. Safety or Trivy. The latter definitely understands poetry.lock files. The former can't read a poetry.lock directly but is still an option.

Best to implement as a GitHub Action (see also Issue #152) rather than hack these checks into our Travis configs.
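An added example of the kind of GitHub Actions workflow the comment above suggests, written here for illustration and not taken from the RSEAdmin repository: it runs Trivy's filesystem scanner (which reads `poetry.lock` directly) on a weekly schedule and whenever the lock file changes, fails the job on HIGH/CRITICAL findings with a fix available, and uploads a SARIF report to the repository's Security tab. The cron time, the trigger paths and the severity threshold are assumptions to adjust to taste.

```yaml
# .github/workflows/dependency-scan.yml (example, not part of RSEAdmin)
name: Dependency vulnerability scan

on:
  schedule:
    - cron: "0 6 * * 1"          # assumed: weekly, Monday 06:00 UTC
  push:
    paths: ["poetry.lock", "pyproject.toml"]
  pull_request:
    paths: ["poetry.lock", "pyproject.toml"]
  workflow_dispatch:             # allow a manual run

permissions:
  contents: read
  security-events: write         # required to upload SARIF to code scanning

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Trivy parses poetry.lock itself, so no Python or poetry install is needed.
      # Pin the action to a release tag or commit SHA in real use.
      - name: Scan poetry.lock with Trivy
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: .
          scanners: vuln
          severity: HIGH,CRITICAL   # assumed threshold for failing the job
          ignore-unfixed: true      # only fail on findings with an upstream fix
          format: sarif
          output: trivy-results.sarif
          exit-code: "1"

      # Runs even when the scan step failed, so findings still reach the Security tab.
      - name: Upload scan results
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
```

The scheduled trigger is what gives the periodic check the issue asks for; the push and pull_request triggers catch a newly added vulnerable dependency before it is merged.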

willfurnass commented 3 years ago

Dependabot now seems to be working. Closing.