feat: included dependency review

defenseunicorns / uds-package-gitlab

🏭 UDS GitLab Zarf Package

Apache License 2.0

6 stars 3 forks source link

feat: included dependency review #75

Closed naveensrinivasan closed 2 months ago

naveensrinivasan commented 4 months ago

Description

The dependency review will address CVE and license issues.

Related Issue

https://github.com/defenseunicorns/uds-software-factory/issues/28

Type of change

[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Other (security config, docs update, etc)

Checklist before merging

[ ] Test, docs, adr added or updated as needed
[ ] Contributor Guide Steps followed

Racer159 commented 4 months ago

This doesn't really answer the needs of the CVE scanning / license check issue - the only dependencies this action will capture are actions most of which come from uds-common anyway (minorly helpful, but nothing we actually ship)

We need to introspect packages to look at charts, and especially images

Racer159 commented 2 months ago

closing in favor of #98 once that is ready