snyk / vulncost

Find security vulnerabilities in open source npm packages while you code
https://marketplace.visualstudio.com/items?itemName=snyk-security.vscode-vuln-cost
MIT License

First-time setup instructions #50

Closed MaggieFero closed 3 years ago

MaggieFero commented 3 years ago

I got super-stuck on my first-time setup of the vuln cost extension and promised the person who helped me get started that I'd write up the information that would've helped me start on my own. I'm not sure where to put it, though, and I'm a new contributor, so I'd rather open an issue than try to guess.

I could see adding a link in the readme to another markdown file in this repo, just adding a "Getting Started" or "Setup" section to the end of the existing readme, or putting it somewhere else. If you don't want a doc like this for the project, I suppose I could write it up as a blog post somewhere, but I'd like to at least offer here first!

The writing style/approach is probably going to be slightly different depending on where it's going, so I'm not going to include a draft here, but I expect about one paragraph of conceptual information about how the alerts appear in each of the two places and a procedure for fixing your first vuln (including where to click and how the authentication step works, both of which tripped me up).

bmvermeer commented 3 years ago

Hi @MaggieFero

It depends on how extensive the instructions will be. I am curious how you got stuck; maybe we can learn from that and improve the process. I suggest you create a PR with a GETTING-STARTED.MD file that holds the instructions and we can take it from there.

Thank you 🙏

Ryuno-Ki commented 3 years ago

@MaggieFero Any updates? :)

MaggieFero commented 3 years ago

Not yet! I got a colleague to let me watch and grab screenshots as they did their set-up for reference, but my company takes turns on support shifts and I was saving the writing part for mine. My support shift is this week, though, so hopefully I'll have a draft soon!


ehelbig1 commented 3 years ago

@MaggieFero Any update on this?

There's very little documentation, beyond installing the extension in VS Code, for this. It doesn't appear to work out of the box either. I created a very simple node project, with a known vulnerable dependency, to test out the functionality and while NPM is reporting the vulnerabilities, this extension reports that everything is fine. I'm assuming this is a configuration issue but I can't find any helpful information on how to configure the extension.

MaggieFero commented 3 years ago

@ehelbig1 Thanks for poking! I had been almost done the last time I commented when a browser update wiped out my progress because I made the amateur mistake of drafting in GitHub. Because of your comment, I finally finished my draft today, and you can see it in the PR here: https://github.com/snyk/vulncost/pull/54

I'd love it if you could take a look, because I think there might have been a different option instead of the "Fix Vulns"/"Learn about this package" ones before login, but I couldn't reproduce that. If it says something else for you, can you please tell me what so I can update?

ehelbig1 commented 3 years ago

@MaggieFero The documentation looks great! I can't recall if there was another option before authenticating and can't seem to unauthenticate to check. Thanks for writing this!