Skip to content

Add dependency review automation

Nikhil George requested to merge dependency_review_1 into master

What does this MR do and why?

This MR adds the Dependency review automation to GitLab pipeline. The aim of the automation is to

  • a) Identify non-maintained and untrusted dependency while they are added to code base
  • b) Assist Appsec dependency review process.

This automation adds a comment in the MR with dependency metadata and ping appsec to new dependency introduced in the MR. This automation currently check for new ruby gems.

This MR replaces !119096 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Nikhil George

Merge request reports

Loading