Closed kenoir closed 3 months ago
Follows https://github.com/wellcomecollection/catalogue-api/pull/766 this change pushes the scala dependency graph to the GitHub API to surface vulnerabilities.
We don't need access to S3 as with other similar pull requests as we're not pulling our own deps (we build them here).
Part of https://github.com/wellcomecollection/platform-infrastructure/issues/431
Depends on https://github.com/wellcomecollection/aws-account-infrastructure/pull/19
This change also adds the stale GitHub workflow.
Visibility on dependencies and vulnerabilities.
This change should help manage / reduce risk.
What does this change?
Follows https://github.com/wellcomecollection/catalogue-api/pull/766 this change pushes the scala dependency graph to the GitHub API to surface vulnerabilities.
We don't need access to S3 as with other similar pull requests as we're not pulling our own deps (we build them here).
Part of https://github.com/wellcomecollection/platform-infrastructure/issues/431
Depends on https://github.com/wellcomecollection/aws-account-infrastructure/pull/19
This change also adds the stale GitHub workflow.
How to test
How can we measure success?
Visibility on dependencies and vulnerabilities.
Have we considered potential risks?
This change should help manage / reduce risk.