pyama86 / vaz

vaz is a client for managing vulnerabilities on veeta.org. We will release you from the troublesome work we have done so far
https://veeta.org
GNU General Public License v3.0

[Suggestion] Collecting vulnerabilities on application dependencies #5

Open ackintosh opened 6 years ago

ackintosh commented 6 years ago

In order to manage vulnerabilities in application dependencies (npm, gem, etc.), what about collecting the application's dependency information via vaz?


The issue I'd like to resolve is the weakness of managing vulnerabilities on CI:

I think we need something which checks application vulnerabilities on a regular basis in another way than CI.

Any thoughts?

ackintosh commented 6 years ago

Realized that the following CIs support scheduled jobs. 💡

https://circleci.com/blog/manual-job-approval-and-scheduled-workflow-runs/

https://docs.travis-ci.com/user/cron-jobs/

pyama86 commented 6 years ago

https://twitter.com/pyama86/status/1031415321020706816

We plan to correspond widely to parts other than Linux packages in the next release. Rather, let's make it together. Don't you want to change the world?