dependabot / elixir-security-advisories

Old database of Elixir security advisories before the GitHub Security Advisory DB supported Hex / Elixir.

Integrate with GitHub's security alerts #2

Open greysteil opened 6 years ago

greysteil commented 6 years ago

Currently GitHub's Security Alerts service only supports Ruby and JavaScript. It would be awesome to have it support Elixir, too, and this repo might help.

greysteil commented 6 years ago

@mijuhan - is there anyone from your team we should talk to about having the data in this repo contribute to security alerts for Elixir (as/when they happen)?

mijuhan commented 6 years ago

Thanks for the feature request! We are not ready at this point to accept contributions but will let you know when we are.

axelson commented 2 years ago

Is this still planned? It would be great to have.

greysteil commented 2 years ago

It is! It helps that I work at @github now! :octocat:

No promises on timeline, but we're aiming for the next six months.

axelson commented 2 years ago

That's great to hear! Thanks!

greysteil commented 2 years ago

This should help: Elixir advisories are now included in the GitHub Advisory Database.

(Not full support for alerts yet, so I won't close this out. It should be relatively straightforward to write an Action for Elixir that submits dependencies to the GitHub dependency graph, and that, combined with the data in the advisory database, will trigger alerts.)

greysteil commented 2 years ago

OK, with the above, I think it's time we archived this repo. All of the data from it is in the GitHub advisory database (repo here) and can be fetched via its GraphQL API.

@jeffwidman if you could do the honours that would be 💯.

jeffwidman commented 2 years ago

Also, FWIW we've already got an internal issue tracking adding this plumbing, but given all the things on that team's plate, I doubt that will be high priority anytime soon. In the meantime, as @greysteil suggested above it should be easy enough to write your own action that wires this together.
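One way to do the wiring greysteil and jeffwidman describe above, as an added example that is not code from this repo or from GitHub: a Python script that turns a `mix.lock` into a dependency-graph snapshot in the shape accepted by GitHub's dependency submission REST API (`POST /repos/{owner}/{repo}/dependency-graph/snapshots`). The endpoint and field names are as I know them, not taken from the thread; `MIX_LOCK` is a constructed sample with placeholder hashes, and the detector name and URL are made up.

```python
"""Build a GitHub dependency-graph snapshot from mix.lock (added example).

Assumes the snapshot layout of GitHub's dependency submission REST API;
MIX_LOCK is a constructed sample, not a real project's lock file.
"""
import re
from datetime import datetime, timezone

MIX_LOCK = '''%{
  "decimal": {:hex, :decimal, "2.1.1", "<sha256 placeholder>", [:mix], [], "hexpm", "<sha256 placeholder>"},
  "jason": {:hex, :jason, "1.4.0", "<sha256 placeholder>", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "<sha256 placeholder>"},
  "my_private_lib": {:git, "https://example.invalid/my_private_lib.git", "0123456789abcdef0123456789abcdef01234567", []},
}
'''

# One lock entry per line: "app": {:hex, :package, "version", ...} or {:git, "url", "sha", ...}.
HEX_DEP = re.compile(r'^\s*"(?P<app>[^"]+)":\s*\{:hex,\s*:(?P<pkg>\w+),\s*"(?P<ver>[^"]+)"', re.M)
GIT_DEP = re.compile(r'^\s*"(?P<app>[^"]+)":\s*\{:git,\s*"(?P<url>[^"]+)",\s*"(?P<sha>[0-9a-f]+)"', re.M)


def parse_mix_lock(text):
    """Map each locked app to a resolved-package entry carrying its package URL."""
    resolved = {}
    for m in HEX_DEP.finditer(text):
        # pkg:hex/... purls are what the advisory database matches Elixir advisories against.
        resolved[m["app"]] = {"package_url": f"pkg:hex/{m['pkg']}@{m['ver']}"}
    for m in GIT_DEP.finditer(text):
        # Git checkouts have no Hex coordinates: they show up in the graph but
        # cannot be matched to Hex advisories, so record them as generic purls.
        resolved[m["app"]] = {"package_url": f"pkg:generic/{m['app']}@{m['sha']}?vcs_url=git+{m['url']}"}
    return resolved


def build_snapshot(lock_text, *, sha, ref, run_id, correlator="mix-deps"):
    """Assemble the snapshot body; the correlator lets later runs supersede this one."""
    return {
        "version": 0,
        "job": {"id": str(run_id), "correlator": correlator},
        "sha": sha,
        "ref": ref,
        "detector": {"name": "mix-lock-example", "version": "0.1.0",
                     "url": "https://example.invalid/mix-lock-example"},  # hypothetical detector
        "scanned": datetime.now(timezone.utc).isoformat(),
        "manifests": {"mix.lock": {"name": "mix.lock",
                                   "file": {"source_location": "mix.lock"},
                                   "resolved": parse_mix_lock(lock_text)}},
    }
```

In a workflow the JSON from `build_snapshot` is POSTed to the snapshots endpoint with the job's `GITHUB_TOKEN` (using `GITHUB_SHA`, `GITHUB_REF` and `GITHUB_RUN_ID` for the arguments); only the `pkg:hex` entries can produce Hex advisory alerts.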