dependabot / elixir-security-advisories

Old database of Elixir security advisories before the GitHub Security Advisory DB supported Hex / Elixir.

Better notifications on security advisory release #20

Closed jeroenvisser101 closed 2 years ago

jeroenvisser101 commented 5 years ago

I'm currently watching this repository (which is a great idea!), but get notifications for unrelated dependency updates too (from dependabot). Is it possible to make a release every time an advisory is posted? One could then only subscribe to releases. It might even be possible to automate this process when a release is posted using GitHub Actions.

greysteil commented 4 years ago

I would definitely accept a PR that added an action to do that. Longer term I'd like to add support for Elixir to github.com/advisories so following advisories gets easier.

jeffwidman commented 2 years ago

This seems very relevant: https://github.com/dependabot/elixir-security-advisories/issues/2#issuecomment-1168043737

I'm closing this, as the missing plumbing between the advisory DB and generating alerts isn't really relevant to this repo, which is more of a "poor man's advisory DB".

We've already got an internal issue tracking adding this plumbing, but given all the things on that team's plate, I doubt that will be high priority anytime soon.