submariner-io / submariner

Networking component for interconnecting Pods and Services across Kubernetes clusters.
https://submariner.io
Apache License 2.0

The security scanning jobs should only fail jobs if the PR adds a security issue #2751

Open skitt opened 9 months ago

skitt commented 9 months ago

What happened:

Currently, security scanning jobs fail a PR if any of the project’s dependencies are identified as containing a known vulnerability. This prevents us merging PRs when a vulnerability is found, until the project updates to address that.

What you expected to happen:

PRs should only be blocked if they introduce a security vulnerability, i.e. add a dependency with a known vulnerability.
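
An added sketch of the gating logic this issue asks for; it is not part of the issue or of the Submariner project's CI. It compares scan results for the PR's base and head and fails only on findings the PR introduces. The report schema, the function names and the `VULN-…` identifiers are constructed for illustration and do not match any particular scanner.

```python
import json

# Constructed sample reports in a hypothetical, scanner-neutral schema.
# Assumption: both come from the same scanner and vulnerability database,
# run at the same time on the PR's base commit and on its head commit.
BASE_REPORT = json.dumps([
    {"id": "VULN-0001", "package": "example.com/libfoo", "version": "1.2.0"},
    {"id": "VULN-0002", "package": "example.com/libbar", "version": "0.9.1"},
])
HEAD_REPORT = json.dumps([
    # Same advisory on a bumped but still affected version: pre-existing.
    {"id": "VULN-0001", "package": "example.com/libfoo", "version": "1.2.1"},
    # Dependency added by the PR: the only finding that should block it.
    {"id": "VULN-0003", "package": "example.com/libbaz", "version": "2.0.0"},
])


def load_findings(report_json):
    """Index findings by (advisory id, package).

    The version is left out of the key so that moving a dependency to
    another affected version does not count as a new issue.
    """
    return {(f["id"], f["package"]): f for f in json.loads(report_json)}


def compare(base_json, head_json):
    """Split head findings into introduced and pre-existing; list fixes."""
    base, head = load_findings(base_json), load_findings(head_json)
    return {
        "introduced": sorted(head.keys() - base.keys()),
        "preexisting": sorted(head.keys() & base.keys()),
        "fixed": sorted(base.keys() - head.keys()),
    }


def gate(base_json, head_json):
    """Return the CI exit code: 1 only if the PR adds a finding."""
    result = compare(base_json, head_json)
    for vuln_id, package in result["preexisting"]:
        print(f"warning: pre-existing {vuln_id} in {package}")
    for vuln_id, package in result["introduced"]:
        print(f"error: introduced {vuln_id} in {package}")
    return 1 if result["introduced"] else 0


if __name__ == "__main__":
    raise SystemExit(gate(BASE_REPORT, HEAD_REPORT))
```

Scanning base and head in the same run matters: an advisory published after the base commit was last scanned then appears on both sides and is reported as pre-existing instead of blocking the PR.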

github-actions[bot] commented 5 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.