trezor / trezor-suite

Trezor Suite Monorepo
https://trezor.io/trezor-suite

Integrate Snyk into CI #897

Open prusnak opened 4 years ago

prusnak commented 4 years ago

Evaluate the usage of https://snyk.io/

We already use GitHub Security Alerts, but the more the merrier :-)

mroz22 commented 4 years ago

And yarn audit could push us even furtherer :D

https://yarnpkg.com/lang/en/docs/cli/audit/

matejzak commented 3 years ago

@matejkriz Please evaluate. Thanks!

matejkriz commented 3 years ago

It would be very nice to have it, it could save us from potential security issues.

The integration could be pretty easy, but the setup process to benefit from it could be harder. And the fees are pretty high.

I believe it's worth testing it for a month or so.

mroz22 commented 3 months ago

Isn't this obsolete with the advent of socket.dev?