Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3534

Integrate this project with Snyk for third-party vulnerability scanning

    • Type: Icon: Task Task
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 100.9.5
    • Affects Version/s: None
    • Component/s: None
    • None
    • 3
    • TAR 2024-05-13
    • Tools and Replicator
    • 2
    • Not Needed

      Problem

      See the project's design doc.

      Solution & Acceptance Criteria

      • Make sure the Snyk config for thjis project is correct.
      • Make a PR to update dependencies to address any flagged issues.
      • Add a task in our Evergreen release workflow that will fail if there are any high or critical vulnerabilities in our deps.
      • Figure out how to deal with false positives where we don't want to upgrade (or where no upgrade is available yet). I think the answer is that we can manually tell Snyk to ignore these via their web console.

            Assignee:
            dave.rolsky@mongodb.com Dave Rolsky
            Reporter:
            dave.rolsky@mongodb.com Dave Rolsky
            Evgeni Dobranov, Huan Li (Inactive), Johnny DuBois
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: