cypress-io / cypress-chrome-recorder

Export Cypress Tests from Google Chrome DevTools' Recorder
MIT License
226 stars 18 forks

SEC-229 | Initial Commit of Snyk Git Actions #38

Closed cypresschris closed 7 months ago

cypresschris commented 1 year ago

This PR adds security controls in support of vulnerability scanning for third-party packages as well as first-party code.

Snyk is already implemented, but these actions bring the Cypress Tools into alignment with our vulnerability management strategy. The actions that this pull request introduces send the scan results back to the Snyk dashboard. The Snyk dashboard is then coupled with branch protection rules that dictate our levels of protection by blocking PRs where this git action fails as a check.

Once the solution is fully implemented, the failures you see on the PR related to this would prevent merges of the code to the 'develop' and 'master' branches. The exit status it failed with today indicates that there is a critical vulnerability in the code base. This PR aims to increase this type of visibility.
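As an added illustration of the mechanism the description above relies on (scan runs as a PR check, a critical finding makes the check fail, and results are reported to the Snyk dashboard), here is a minimal GitHub Actions workflow. This is example code written for this page, not the workflow from PR #38 or from the cypress-chrome-recorder project. It assumes a repository secret named `SNYK_TOKEN` holding the Snyk API token, a Node project with a lockfile so `npm ci` works, and protected branches named `develop` and `master` as in the description; those are assumptions for the example.

```yaml
# Added example, not the PR's own workflow: Snyk dependency and code scanning
# as a pull-request check, with results reported to the Snyk dashboard.
# Assumed: secret SNYK_TOKEN exists; protected branches are develop and master.
name: Snyk vulnerability scan

on:
  pull_request:
    branches: [develop, master]
  push:
    branches: [develop, master]

permissions:
  contents: read

jobs:
  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Snyk CLI
        uses: snyk/actions/setup@master

      - name: Install dependencies
        run: npm ci

      # Third-party package scan. A non-zero exit (any finding at or above the
      # threshold) fails this step, and therefore the PR check.
      - name: Snyk Open Source test
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: snyk test --severity-threshold=critical

      # Static analysis of first-party code with the same failure threshold.
      - name: Snyk Code test
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: snyk code test --severity-threshold=critical

      # Snapshot the project into the Snyk dashboard. Limited to pushes so the
      # dashboard tracks the state of the protected branches, not every PR.
      - name: Report to Snyk dashboard
        if: github.event_name == 'push'
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: snyk monitor
```

To get the blocking behaviour the description refers to, the `snyk` job is then listed as a required status check in the branch protection rules for `develop` and `master`; until that is done the failing check is visible on the PR but does not prevent a merge, which matches the "once the solution is fully implemented" caveat above.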

CLAassistant commented 1 year ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.