potiuk
commented
3 hours ago cc: @amoghrajesh - when you have time :)
Open potiuk opened 3 hours ago
potiuk
commented
3 hours ago cc: @amoghrajesh - when you have time :)
eladkal
commented
2 hours ago Maybe we can find a way for the scanner to run on the PR directly before we merge it?
There is a "security" tab in the airflow repository where code scanning produces new issues discovered in our code.
In order to drag attention to it, we should have an automation to post slack messages in a private "security" channel - this, similarly as in case of main failures - might help us with more "group" handling of noticing and handling such security reports.