Details
Improvement
Resolution: Fixed
Neutral
Description
Considering the release automation webapp:
- is connected to Jira and Bitbucket
- can run Maven commands
- has cron jobs defined
We could implement a dependency bot, considering Dependaroo's status hasn't changed in months. This would help us see fewer CVEs.
We'd need to limit the number of upgrades because we're so far behind. A suggestion is to look up the date of the release. If we only look for releases that happened in the last week or so, then we won't be overwhelmed and will be able to process what comes in.
The definitive implementation diagram can be seen at: https://git.magnolia-cms.com/projects/INTERNAL/repos/magnolia-mgmt/browse/magnolia-dependency-bot.svg
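The release-date filter suggested in the description, as an added example (not code from this ticket or from the release automation webapp). It assumes the bot already has, for each candidate version, a record with the hypothetical fields `g`, `a`, `v` and a release `timestamp` in epoch milliseconds; the coordinates, versions and dates are constructed sample data, and the version comparison is a simplification of Maven's ordering.

```python
import re
from datetime import datetime, timedelta, timezone

# Pre-release qualifiers the bot should not propose (assumed policy).
PRERELEASE = re.compile(r"[-.](snapshot|alpha|beta|rc\d*|m\d+)", re.I)

def version_key(version):
    """Numeric sort key; simplified stand-in for Maven's version ordering."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def recent_upgrades(current, docs, now, window_days=7):
    """Newest stable upgrade per artifact released within the window.

    current: {"group:artifact": version in use}; docs: candidate releases.
    Releases older than the window are left in the backlog on purpose.
    """
    cutoff_ms = int((now - timedelta(days=window_days)).timestamp() * 1000)
    picked = {}
    for doc in docs:
        coord = f"{doc['g']}:{doc['a']}"
        version = doc["v"]
        if coord not in current or PRERELEASE.search(version):
            continue
        if doc["timestamp"] < cutoff_ms:
            continue  # released before the window: not proposed this run
        if version_key(version) <= version_key(current[coord]):
            continue  # e.g. a maintenance release on an older branch
        if coord not in picked or version_key(version) > version_key(picked[coord]):
            picked[coord] = version
    return picked

def _ms(year, month, day):
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp() * 1000)

# Constructed sample data, not real artifacts or release dates.
NOW = datetime(2024, 6, 10, tzinfo=timezone.utc)
CURRENT = {"org.example:lib-a": "1.2.0", "org.example:lib-b": "2.1.0",
           "org.example:lib-c": "2.9.0"}
SAMPLE_DOCS = [
    {"g": "org.example", "a": "lib-a", "v": "1.3.0", "timestamp": _ms(2024, 3, 1)},
    {"g": "org.example", "a": "lib-a", "v": "1.3.1", "timestamp": _ms(2024, 6, 5)},
    {"g": "org.example", "a": "lib-a", "v": "1.4.0", "timestamp": _ms(2024, 6, 7)},
    {"g": "org.example", "a": "lib-a", "v": "1.5.0-rc1", "timestamp": _ms(2024, 6, 9)},
    {"g": "org.example", "a": "lib-b", "v": "2.0.1", "timestamp": _ms(2024, 6, 8)},
    {"g": "org.example", "a": "lib-c", "v": "3.0.0", "timestamp": _ms(2023, 11, 1)},
]

if __name__ == "__main__":
    print(recent_upgrades(CURRENT, SAMPLE_DOCS, NOW))
```

With the one-week window only `lib-a` is proposed; `lib-c` stays in the backlog until a new release of it lands inside the window.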