security, version and license alerts for dependencies

Hello all!

Anyone using a tool or GitHub integration for checking security, version and license of dependencies?

Would be nice if you would share your opinion/experience on this :slight_smile:

On GitHub I found

https://github.com/integrations/versioneye
https://github.com/integrations/whitesource

1 Like

I’ve heard https://www.owasp.org/index.php/OWASP_Dependency_Check recommended. (I haven’t used it myself.)

1 Like

OWASP is the authority on web security so…odds are it’s probably worth it. Being an EMR – security is important…

Thanks darius!

I am leaning towards a GitHub integration though, as I want this to be publicly visible to anyone, so everyone is reminded of this as being an important duty and that anyone can take action. Plus, for example, VersionEye sends notifications if a security issue comes up in one of the used libraries. And we could define a list of licenses that OpenMRS finds acceptable and it would check for violations, also a nice feature (reminds me of the discussion about Highcharts).

OWASP Dependency Check needs to download quite some data in order to run, and I could only integrate it with a Jenkins CI. I think this would lead to it not being used regularly :slight_smile:

I will post my experiences soon :slight_smile:
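For the Jenkins-only concern raised above, OWASP Dependency Check can also run inside the Maven build itself, so every `mvn verify` scans the dependency tree and the NVD data is cached between runs. This is an added example, not configuration from this thread or from the OpenMRS project; it assumes a Maven-built module (OpenMRS builds with Maven) and uses a placeholder plugin version.

```xml
<!-- Added example (not from the thread): OWASP dependency-check-maven wired into the build.
     Assumes a Maven project; the version below is a placeholder, use a current release. -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>X.Y.Z</version> <!-- placeholder version -->
  <configuration>
    <!-- Fail the build when any dependency carries a known CVE with CVSS score 7.0 or higher -->
    <failBuildOnCVSS>7</failBuildOnCVSS>
    <!-- Keep the downloaded NVD data between builds instead of fetching it every time -->
    <dataDirectory>${user.home}/.m2/dependency-check-data</dataDirectory>
    <!-- HTML report for people, XML/JSON for tooling -->
    <format>ALL</format>
  </configuration>
  <executions>
    <execution>
      <goals>
        <goal>check</goal> <!-- binds to the verify phase by default -->
      </goals>
    </execution>
  </executions>
</plugin>
```

With this in place a pull request that pulls in a library with a high-severity known vulnerability fails the build locally as well as on Jenkins, which makes the check visible to every contributor rather than only to whoever reads the CI dashboard.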