
Streamline when vulnerability scans run #864

Open
lorenyu opened this issue Feb 3, 2025 · 0 comments
Labels
domain: security Security or compliance issue scope: ci/cd GitHub actions workflows type: devex Developer experience

Comments

@lorenyu
Contributor

lorenyu commented Feb 3, 2025

Vulnerability scans run on many PRs even when the chance that the PR introduced a breaking change is low. It would be better to narrow the paths that trigger vulnerability scans on pull requests, and instead add a scheduled trigger to run vulnerability scans on a regular basis to catch issues that are caused by new vulnerabilities being added to the database rather than code being changed. This will help reduce false positives that block PRs while at the same time increasing the ability to monitor and catch new vulnerabilities. See proof of concept here: navapbc/platform-test#169 and additional Slack context here 🔒 https://nava.slack.com/archives/C03G1SWD9H7/p1738181871033669

@lorenyu lorenyu added domain: security Security or compliance issue scope: ci/cd GitHub actions workflows type: devex Developer experience labels Feb 3, 2025
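The pattern the issue proposes, written out as an added GitHub Actions workflow example. This is not the project's workflow and not the linked proof of concept; the workflow name, the `paths` list, the `app/` directory, the container scanner (Trivy via `aquasecurity/trivy-action`, pinned to a tag chosen here) and the cron time are all assumptions made for illustration.

```yaml
name: Vulnerability scans

on:
  pull_request:
    # Assumed paths: only changes to dependency manifests, the image
    # definition, or this workflow can realistically change the scan
    # result, so other PRs do not trigger it at all.
    paths:
      - "app/package.json"
      - "app/package-lock.json"
      - "app/Dockerfile"
      - ".github/workflows/vulnerability-scans.yml"
  schedule:
    # Daily at 09:00 UTC (assumed). Scheduled runs execute against the
    # default branch, so advisories published after the last merge are
    # still caught even though no code changed.
    - cron: "0 9 * * *"
  # Manual trigger for re-checking after a database update.
  workflow_dispatch:

permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build image
        # Assumed build context; tagged with the commit so the scan
        # result is attributable to one revision.
        run: docker build -t app:${{ github.sha }} app

      - name: Scan image
        # Tag pinned here as an example of pinning; pick a current release.
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: app:${{ github.sha }}
          # Fail the job only on findings that have a fix available and
          # are HIGH or CRITICAL; everything else is reported but does
          # not block.
          exit-code: "1"
          severity: CRITICAL,HIGH
          ignore-unfixed: true
```

Two caveats when adopting this split. First, if the `scan` job is configured as a required status check on the branch protection rule, PRs that do not touch any of the `paths` will never report the check and will sit at "Expected" rather than merging; either drop it from the required checks or keep the job unconditional and move the path test into a job-level `if` so the job still completes (as a skip) on every PR. Second, a failing scheduled run blocks nothing by itself, so it needs an owner: route its failure notifications to the team channel or have the job open a tracking issue, otherwise the scheduled trigger only produces red runs nobody looks at.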