I set up a dependency scanner in Soapbox two weeks ago. It detected 20 vulnerabilities in our build process (that would be CI runners and development machines, none affecting users or the build itself). Squashed them all and now there’s zero.
Alex Gleason (alex@gleasonator.com)'s status on Thursday, 12-Jan-2023 00:35:34 JST Alex Gleason -
Alex Gleason (alex@gleasonator.com)'s status on Thursday, 12-Jan-2023 03:56:57 JST Alex Gleason @tassoman We use Renovate on GitLab. It runs a CI on a schedule: https://gitlab.com/soapbox-pub/ci/renovate
This repo doesn’t store code, and exists only for the purpose of running the CI. Did you know you can use GitLab to manage your cron jobs? Pretty awesome.
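The scheduled-Renovate setup described in the post above, written out as an added example of a `.gitlab-ci.yml` for a code-less "runner" project. It is not the contents of the soapbox-pub/ci/renovate repo; the project name, schedule and variable layout are assumptions. The job runs only when a pipeline schedule starts it, reads its token from a masked CI variable, and is pointed at an explicit repository list rather than autodiscovering everything the token can reach.

```yaml
# Added example (not soapbox-pub/ci/renovate): a GitLab project that
# holds no code and exists only to run Renovate on a schedule.
#
# Expected project settings (assumptions):
#   CI/CD > Variables: RENOVATE_TOKEN, masked + protected, holding a
#     bot account's token with only the `api` scope Renovate needs.
#   CI/CD > Schedules: a cron entry such as "0 3 * * *" that starts
#     the pipeline; the rule below rejects any other trigger source.

renovate:
  # Pin to a digest or fixed version in real use; `latest` is only
  # shorthand for this example.
  image: renovate/renovate:latest
  rules:
    # Run solely from the schedule, so a stray push or manual run on
    # this repo cannot start opening merge requests elsewhere.
    - if: $CI_PIPELINE_SOURCE == "schedule"
  variables:
    RENOVATE_PLATFORM: gitlab
    RENOVATE_ENDPOINT: https://gitlab.com/api/v4
    # Explicit target list instead of autodiscovery; "example-group/
    # example-app" is a placeholder, not a real project.
    RENOVATE_REPOSITORIES: '["example-group/example-app"]'
    LOG_LEVEL: info
  script:
    # RENOVATE_TOKEN comes from the masked CI variable above.
    - renovate
```

The `rules:` entry is the part worth keeping even if the rest changes: without it, anyone who can push to or manually run this project can trigger a bot that holds write access to other repositories.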
Tassoman (tassoman@orwell.fun)'s status on Thursday, 12-Jan-2023 03:56:59 JST Tassoman Does GitLab have something like the «dependabot»? Did you this?
Maybe a Dependalexbot?