Tbaut
commented
4 years ago Not sure why we should wait for more tests to enable security scanning on all repo. Adding tests on front-end for instance might take a while.
Open kirushik opened 4 years ago
Tbaut
commented
4 years ago Not sure why we should wait for more tests to enable security scanning on all repo. Adding tests on front-end for instance might take a while.
kirushik
commented
4 years ago @Tbaut probably there's some misunderstanding.
All the security tools we have currently set up are expecting single app located in the root of the repo.
I've overridden that by pointing tools to auth-server subfolder.
We need to set the tools (those or similar replacements) to also do their job in all other relevant projects — but I didn't have enough time to figure out how to do so.
The presence of tests is only relevant as my method of picking the single subproject to spend my effort on. It could've been any other subfolder — but those seems to be not maintained well, so the effort waste would be even higher with them.
That's all. Please enable security tools on all other subservices.
As a follow up of #547, we need to enable security scanning for all the subrepos of this project; currently we only scan
auth-server, since everything else still doesn't have tests and needs some more love before actually becoming "production-ready".