versioneye is shutting down, replacing it with snyk

Hi there,

its said that Versioneye, which I’ve added to visualize outdated/vulnerable dependencies on openmrs-core (see dependencies badge on github readme), is shutting down:

I’ve looked at http://snyk.io/ and http://gemnasium.com/ which were recommended by VersionEye’s creator.

Snyk simply worked within minutes and VersionEye already relied on its vulnerability DB.

Its free for open source (so we can also add other openmrs projects :smile: ), integrates well with github (can fail PRs adding new dependencies with known vulnerabilities) and could also create automatic PRs to update dependencies (if we wanted).

I therefore suggest to replace it with Snyk

@dkayiwa I have added you to the openmrs organisation on snyk (you should have gotten an email) I don’t have enough privilege on github to add openmrs-core and for example webservices. Can you please add them at https://snyk.io/org/openmrs/projects?

2 Likes

Thanks @teleivo for the great initiative! :slight_smile:

Can you try again and tell me if you can now add openmrs-core and any other modules that you want?

worked, thanks :blush:

am fiddling with the readme so we can see the vulnerabilities for our submodules which should be done soon.

@dkayiwa @darius @raff I’ve invited you to the organization on https://snyk.io/org/openmrs as administrators. If you accept you’ll be able to add other openmrs repos so they are tested as well. I am happy to add others (just send me your email in a PM), you can do to. I don’t think it is possible to sync this with our github organization/users.

@teleivo that is awesome! :smile: