Late to the game here, as I see this was merged today...

The addition of the Gradle versions plugin is good and hopefully we can go
farther down the path of dependency scanning by adding security as well.
Currently, GitHub has this set up for Ruby and JavaScript [1]; however, it is
lacking Java dependencies. Until GitHub can support Java dependencies, I
would suggest we look at other tools, such as snyk.io [2], for tracking our
dependencies with security vulnerabilities.

--Mark

[1] https://github.com/blog/2470-introducing-security-alerts-on-github
[2] https://snyk.io/

On Fri, Feb 9, 2018 at 4:06 PM, Anthony Baker <aba...@pivotal.io> wrote:

> Hi all,
>
> I’ve got a PR [1] open that updates lots of dependencies.  Please review
> and let me know if you have any concerns.  I’d like to merge it early next
> week barring any objections.
>
> Thanks,
> Anthony
>
> [1] https://github.com/apache/geode/pull/1400
>
>
