puppetlabs / bolt-vanagon

Apache License 2.0

Add github action for using Snyk scan #174

Closed lucywyman closed 2 years ago

lucywyman commented 2 years ago

This adds the GitHub action for using Snyk to scan for dependency vulnerabilities in Vanagon projects. Bolt doesn't add any additional dependencies on top of puppet-runtime besides itself, so this should pretty much duplicate the puppet-runtime scans, but adding it here so the scan runs more often, reports to Snyk, and still does scans if we do ever add additional dependencies here.

donoghuc commented 2 years ago

We have had some issues with GH actions not triggering when the PR is raised from a fork. It may only be a problem with private repos though.

rileynewton commented 2 years ago

Closing in favor of #177