[Improve Existing Best Practice Guide]: Validating software dependencies (CT starter kit) using dependabot #73

Closed
jpl-jengelke opened this issue Nov 21, 2022 · 6 comments
Assignees: none
Labels: medium complexity (Ticket is relatively straightforward but may have a difficult sub-task); requested (Requested by community members at a low level)

Comments

jpl-jengelke (Contributor) commented Nov 21, 2022

Checked for duplicates

Yes - I've already checked

Describe the needs

This is intended for the Continuous Testing Starter Kit.

It's desirable for OSS publishers to implement automatic security and bug scanning of software dependencies used within their repo. This SK will provide a guide on implementing basic dependabot checking for a software project with configurable options. It's a GitHub Actions-based process that will be helped with a simple template.
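
As an added example (not part of this issue or of the SLIM starter kit), the following is the shape a minimal Dependabot configuration takes. Dependabot version updates are driven by a `.github/dependabot.yml` file that GitHub reads directly, rather than by a workflow file under `.github/workflows/`; the `package-ecosystem` names and `schedule` keys are the documented ones, while the weekly interval, the pull-request limit and the `dependencies` label are illustrative choices.

```yaml
# .github/dependabot.yml  (added example; interval, limit and label are illustrative choices)
version: 2
updates:
  # Python dependencies declared in requirements.txt / pyproject.toml at the repo root.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5
    labels:
      - "dependencies"

  # Keep the actions referenced from .github/workflows/*.yml current as well;
  # a stale third-party action is itself a supply-chain dependency of the build.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Version updates open pull requests on the schedule above. Dependabot security updates (pull requests raised in response to a vulnerability alert) are a separate switch under the repository's Code security settings and need nothing in this file; once either is enabled, the Dependabot tab under Insights > Dependency graph shows whether the configuration was parsed and when it last ran.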

jpl-jengelke changed the title from "[New Best Practice Guide]: Validating software dependencies using dependabot" to "[Improve Existing Best Practice Guide]: Validating software dependencies using dependabot [CT starter kit]" Nov 21, 2022
jpl-jengelke changed the title from "[Improve Existing Best Practice Guide]: Validating software dependencies using dependabot [CT starter kit]" to "[Improve Existing Best Practice Guide]: Validating software dependencies (CT starter kit) using dependabot" Nov 21, 2022
riverma (Collaborator) commented Nov 21, 2022

Hi @jpl-jengelke - this is pretty interesting - is using Dependabot free? The GitHub security page seems to imply this is a paid service? If so - a stand-alone GitHub Actions workflow file to add it to a given repo would be super useful, along with integration of this into your slim-starterkit-python and other repos. Probably a very light overview of the Dependabot solution as well as links to existing docs.

jpl-jengelke (Contributor, Author) commented

The implementations I have used are all no cost.

riverma (Collaborator) commented Nov 22, 2022

That's great to hear @jpl-jengelke

riverma (Collaborator) commented Nov 22, 2022

Oh by the way, @jpl-jengelke can you please add labels to this ticket? Looking for the complexity level and the level of interest (requests) for this from the community. For the latter, we have one team interested in dependency management, and that's Unity. So at the least we can state "requested" until we check in with them for more. Also the category - which is likely "software lifecycle".

jpl-jengelke added the labels requested (Requested by community members at a low level) and medium complexity (Ticket is relatively straightforward but may have a difficult sub-task) Nov 22, 2022
riverma moved this to 🏗 In progress in SLIM Planning Board Nov 28, 2022
jpl-jengelke added a commit that referenced this issue Dec 19, 2022
…ware composition analysis section of the continuous testing starter kit. ...
jpl-jengelke added a commit that referenced this issue Dec 22, 2022
…ich will not have some files until another PR is merged. ...
jpl-jengelke added a commit that referenced this issue Jan 10, 2023
riverma moved this from 🏗 In Progress to 👀 In Review in SLIM Planning Board Jan 12, 2023
jpl-jengelke added a commit that referenced this issue Feb 3, 2023
Issue #73: Release of CT Starter Kit Dependabot narrative. ...
riverma moved this from 👀 In Review to ✅ Work Complete in SLIM Planning Board Feb 13, 2023
riverma (Collaborator) commented Sep 27, 2023

@jpl-jengelke - is this ticket complete? Please close if so.

jpl-jengelke (Contributor, Author) commented

Closing as this has been published.

Projects: Archived in project
Development: No branches or pull requests

2 participants