Problem
See the project's design doc.
Solution & Acceptance Criteria
- Make sure the Snyk config for this project is correct.
- Make a PR to update dependencies to address any flagged issues.
- Add a task in our Evergreen release workflow that will fail if there are any high or critical vulnerabilities in our deps.
- Figure out how to deal with false positives where we don't want to upgrade (or where no upgrade is available yet). I think the answer is that we can manually tell Snyk to ignore these via their web console.
- is depended on by
  - TOOLS-3537 Create the SSDLC report template (Closed)
  - TOOLS-3538 Update our release documentation with new SSDLC-related stuff (Closed)