Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automation #1

Open
spekulatius opened this issue Aug 4, 2015 · 4 comments
Open

Automation #1

spekulatius opened this issue Aug 4, 2015 · 4 comments

Comments

@spekulatius
Copy link
Member

Writing a queuedjob to check regularly and sending results via email to a defined address

@robbieaverill
Copy link
Contributor

This could even be a configuration flag like notification_email that devs could set to true to an email address and we could just automatically compile a list of new CVEs that are detected during the import process, and have that fired off - thoughts on that?

@spekulatius
Copy link
Member Author

That would be awesome @robbieaverill. I guess devs aren't going to check the reports often unless asked to do. An email could help to get more attention to it.

@phptek
Copy link

phptek commented Nov 29, 2018

In addition to a queuedjob, something should be printed to stdout/browser when invoking composer install / composer update in a similar vain to friendsofsilverstripe/release-notifications. It can even be a shell script run from composer.json in a "scripts" block.

@ScopeyNZ
Copy link
Contributor

There is the https://github.com/Roave/SecurityAdvisories package that you can install that will create composer conflicts with composer packages with known security vulnerabilities. That might interest you?

We're working on making sure that the known list of vulnerabilities (https://www.silverstripe.org/download/security-releases/) is accessible to modules like that one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants