BUILD-511

Implement a dependency bot (for boms properties)

Details

    • Improvement
    • Resolution: Fixed
    • Neutral

    Description

      Considering the release automation webapp:

      • is connected to Jira and Bitbucket
      • can run Maven commands
      • has cron jobs defined

      We could implement a dependency bot, considering Dependaroo's status hasn't changed in months. This would help us see fewer CVEs.

      We'd need to filter down the number of upgrades because we're so far behind. A suggestion is to look up the date of the release. If we only look for releases that happened in the last week or so, then we won't be overwhelmed and will be able to process what comes in.


      The definitive implementation diagram can be seen at: https://git.magnolia-cms.com/projects/INTERNAL/repos/magnolia-mgmt/browse/magnolia-dependency-bot.svg
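The release-date filter suggested above, as an added sketch that is not the project's implementation (that is defined by the linked diagram). The BOM fragment, the property names, the release feed and the function names are all constructed for illustration, and version ordering is simplified to numeric comparison.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed BOM fragment: dependency versions are held in <properties>.
SAMPLE_BOM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <libfoo.version>2.3.1</libfoo.version>
    <libbar.version>1.0.0</libbar.version>
    <libbaz.version>4.1.0</libbaz.version>
  </properties>
</project>"""

# Constructed release feed: property -> [(version, release time in UTC)].
SAMPLE_RELEASES = {
    "libfoo.version": [("2.3.2", "2024-05-01T10:00:00+00:00"),
                       ("2.4.0", "2024-05-28T09:00:00+00:00")],
    "libbar.version": [("1.1.0", "2023-11-02T12:00:00+00:00")],  # newer, released long ago
    "libbaz.version": [("4.0.9", "2024-05-29T08:00:00+00:00")],  # recent, but not newer
}

def version_key(version):
    """Simplified numeric ordering; not Maven's full version comparison rules."""
    parts = version.replace("-", ".").split(".")
    return tuple(int(p) if p.isdigit() else 0 for p in parts)

def bom_properties(pom_xml):
    """Return {property name: current version} from the POM's <properties>."""
    props = ET.fromstring(pom_xml).find("m:properties", POM_NS)
    return {el.tag.split("}", 1)[1]: el.text.strip() for el in props}

def recent_upgrades(pom_xml, releases, now, window_days=7):
    """Propose only upgrades that are newer AND released inside the window."""
    cutoff = now - timedelta(days=window_days)
    proposals = {}
    for prop, current in bom_properties(pom_xml).items():
        fresh = [v for v, ts in releases.get(prop, [])
                 if cutoff <= datetime.fromisoformat(ts) <= now
                 and version_key(v) > version_key(current)]
        if fresh:
            proposals[prop] = (current, max(fresh, key=version_key))
    return proposals

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" for the sample
    for prop, (old, new) in recent_upgrades(SAMPLE_BOM, SAMPLE_RELEASES, now).items():
        print(f"{prop}: {old} -> {new}")
```

With a one-week window the outdated `libbar.version` is never proposed, because its newer release predates the window; upgrades that are already overdue, including ones that fix CVEs, need a separate backlog pass.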

              People

                mmichel Maxime Michel