Actually sorry, that's just the dependabot alerts, but we should set these up as well. To enable code scanning, you can see how it was done for CXF here:
https://github.com/apache/cxf/tree/master/.github

Colm.

On Thu, Dec 9, 2021 at 3:56 PM Colm O hEigeartaigh <[email protected]> wrote:
>
> We can enable GitHub code scanning just by filing an INFRA ticket,
> e.g. https://issues.apache.org/jira/browse/INFRA-22348
>
> Colm.
>
> On Wed, Dec 8, 2021 at 11:55 AM Otavio Rodolfo Piske
> <[email protected]> wrote:
> >
> > BTW, it seems that Apache has a SonarCloud account [1] [2].
> > SonarCloud/SonarQube is not listed there, but it does seem to be available
> > [3]. So, maybe that's something to consider as well.
> >
> > 1. https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis
> > 2. https://sonarcloud.io/organizations/apache/projects
> > 3. https://github.com/apps/sonarcloud
> >
> >
> > On Wed, Dec 8, 2021 at 11:52 AM Otavio Rodolfo Piske <[email protected]>
> > wrote:
> >
> > > Claus, I think that it would be helpful and volunteer to help with
> > > anything that is needed.
> > >
> > > Given the size and complexity of our code base, issues may pass through -
> > > even with the attentive eyes of the community. So, for me, it's a big +1.
> > >
> > > Kind regards
> > >
> > > On Wed, Dec 8, 2021 at 9:39 AM Claus Ibsen <[email protected]> wrote:
> > >
> > >> Hi
> > >>
> > >> I wonder if we should setup code scanning on github for Apache Camel
> > >> https://github.com/apache/camel/security/code-scanning
> > >>
> > >> And in such case which one? Should we go with the one from github
> > >> (CodeQL Analysis)
> > >>
> > >>
> > >> --
> > >> Claus Ibsen
> > >> -----------------
> > >> http://davsclaus.com @davsclaus
> > >> Camel in Action 2: https://www.manning.com/ibsen2
> > >>
> > >
> > >
> > > --
> > > Otavio R. Piske
> > > http://orpiske.net
> > >
> >
> >
> > --
> > Otavio R. Piske
> > http://orpiske.net
