This PR integrates the repository with a reusable Snyk (GitHub action) workflow which will scan your code’s dependencies and alert you if vulnerabilities are found. This reusable workflow gives us reliability, control and consistency of how all our repositories are integrated with Snyk.
In particular, reliably integrated means we compare the hash of the last commit on your default branch to the one that Snyk last scanned, and make sure that they match.
This integration has already been tested to make sure scanning will work. Manual updates may also have been applied, which should be squash-merged to keep a tidier history.
If you think that this repository doesn’t belong to your team, please adjust the teams who have admin access in GitHub and talk to the DevX Security team
Feel free to review and merge this PR as a team, or the DevX Security team will do this on your behalf soon.
What does this change?
This PR integrates the repository with a reusable Snyk (GitHub action) workflow which will scan your code’s dependencies and alert you if vulnerabilities are found. This reusable workflow gives us reliability, control and consistency of how all our repositories are integrated with Snyk.
In particular, reliably integrated means we compare the hash of the last commit on your default branch to the one that Snyk last scanned, and make sure that they match.
This integration has already been tested to make sure scanning will work. Manual updates may also have been applied, which should be squash-merged to keep a tidier history.
If you think that this repository doesn’t belong to your team, please adjust the teams who have admin access in GitHub and talk to the DevX Security team
Feel free to review and merge this PR as a team, or the DevX Security team will do this on your behalf soon.