Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This PR introduces a CI job to periodically scan the OpenVDB repository for security vulernatiblities. This CI job requires coordination with John Mertic (jmertic) and/or the OpenVDB maintainers to add both the `SNYK_ORG` and `SNYK_TOKEN` GitHub secrets to the GitHub configuration. Once these serets are added, then this PR can be merged with the appropriate review/approvals. The Snyk tool can be run on the command line at any time using: ```bash snyk auth ${SNYK_TOKEN} Your account has been authenticated. Snyk is now ready to be used. snyk test --unmanaged --org=${SNYK_ORG} Testing /Users/ddeal/projects/go/src/github.com/dealako/openvdb... Tested 1 dependency for known issues, found 0 issues. snyk monitor --unmanaged --org=${SNYK_ORG} Monitoring /Users/ddeal/projects/go/src/github.com/dealako/openvdb (openvdb)... Explore this snapshot at https://app.snyk.io/org/openvdb/project/${SNY_ORG}/history/4c82fd74-757b-40f3-8522-803ae4f84e0f Notifications about newly disclosed issues related to these dependencies will be emailed to you. ``` Contact John Mertic (jmertic) to access the above secrets or to gain access to the Snyk console. Signed-off-by: David Deal <[email protected]>
- Loading branch information