chaynHQ / soulmedicine

Soul Medicine is a multilingual digital service designed to deliver critical safety information and supportive messaging in bite-sized pieces.
https://soulmedicine.io
MIT License

Migrate from Snyk to GitHub's security feature set #310

Closed tarebyte closed 1 year ago

tarebyte commented 1 year ago

To reduce the number of third party integrations and overhead, we'd like to move from Snyk to GitHub's security feature.

issyl0 commented 1 year ago

I might be biased since I work on the code scanning product, but the first item here sounds good even if we choose to keep Snyk (which I always spell as Synk first time).

issyl0 commented 1 year ago

https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning#configuring-default-setup-for-a-repository

This is the recommended way to enable Code Scanning, but it needs a repo admin to do so. Not sure if we want to do this yet or if we'll get a shock because everything's so old. 😂

tarebyte commented 1 year ago

@issyl0 personally I think it'd be nice to have sooner than later so we know which ones are dependency related and which ones are code fixes we can do outside of the upgrade process.

seanmarcia commented 1 year ago

I've removed Snyk :)