ocd-scm / ocd-chatbot

A botkit chatbot to drive OCD
MIT License

the bot should check for security issues with itself #3

Open simbo1905 opened 5 years ago

simbo1905 commented 5 years ago

GitHub is scanning the latest repo and puts up a warning saying that there are vulnerabilities. We can have a chatbot script that looks to see if there are such warnings and have the bot announce that it might need an upgrade.

simbo1905 commented 5 years ago

I ran:

npm install -g snyk
snyk wizard

This created a .snyk file and patched the security warnings. At the moment I am not able to see the ocd-scm org in Snyk; otherwise I am thinking to simply set up monitoring over there. Then again, that won't help anyone with a private fork. This ticket needs some more thought about whether it is the right approach or whether there are other approaches that could be taken.
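
Added example, not part of the thread or the ocd-chatbot code: one way the self-check proposed in this issue could be sketched in Node.js. It assumes the bot runs `npm audit --json` in its own checkout (a local check swapped in for the GitHub warning and Snyk monitoring mentioned above), and the function names `summariseAudit`, `announcement` and `runAudit` are hypothetical.

```javascript
// Added example (not from the ocd-chatbot repo). Assumes the bot can run
// `npm audit --json` in its own checkout; all function names are hypothetical.
const SEVERITIES = ['critical', 'high', 'moderate', 'low', 'info'];

// Turn raw `npm audit --json` output into per-severity counts.
function summariseAudit(rawJson) {
  let report;
  try { report = JSON.parse(rawJson); } catch (e) {
    return { ok: false, reason: 'audit output was not valid JSON' };
  }
  // npm reports failures (for example a missing lockfile) as an "error" object.
  const err = report && report.error;
  if (!report || err) return { ok: false, reason: (err && (err.summary || err.code)) || 'audit failed' };
  const counts = report.metadata && report.metadata.vulnerabilities;
  if (!counts) return { ok: false, reason: 'no vulnerability summary in report' };
  const found = {};
  for (const s of SEVERITIES) found[s] = Number(counts[s]) || 0;
  return { ok: true, found };
}

// Build the chat message, or return null when nothing is at or above minSeverity.
function announcement(summary, minSeverity = 'moderate') {
  if (!summary.ok) return `I could not check my dependencies: ${summary.reason}`;
  const cutoff = SEVERITIES.indexOf(minSeverity);
  const upTo = cutoff < 0 ? SEVERITIES.length : cutoff + 1; // unknown level: report everything
  const parts = SEVERITIES.slice(0, upTo)
    .filter((s) => summary.found[s] > 0)
    .map((s) => `${summary.found[s]} ${s}`);
  return parts.length
    ? `My dependencies have known vulnerabilities (${parts.join(', ')}). I might need an upgrade.`
    : null;
}

// Run the audit. npm exits non-zero when it finds issues, so the exit status
// is ignored and whatever report arrived on stdout is parsed either way.
async function runAudit(cwd) {
  const { execFile } = await import('node:child_process');
  return new Promise((resolve) => {
    execFile('npm', ['audit', '--json'], { cwd, maxBuffer: 16 * 1024 * 1024 },
      (err, stdout) => resolve(summariseAudit(stdout || '')));
  });
}

// Constructed sample report, trimmed to the fields used above.
const SAMPLE = JSON.stringify({
  metadata: { vulnerabilities: { info: 0, low: 3, moderate: 1, high: 2, critical: 0 } },
});
console.log(announcement(summariseAudit(SAMPLE)));
```

Because the check runs against the local checkout, it does not depend on the repository being visible to a hosted scanner.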