
    • Task
    • Resolution: Done
    • L3 - Default
    • 3.10.0-alpha2, 3.10.0

      As part of https://jira.camunda.com/browse/OPT-5921, we evaluated replacing or supplementing Dependabot with Snyk. While dependency management functionality is largely similar, Snyk offers more functionality in terms of security vulnerability scanning and also allows scanning of Docker images, something we don't currently have. Furthermore, the cost of integration appears to be fairly low, and it has also already been done by other teams, so we have internal precedent.

      ATs:

      • Snyk is used for Docker image vulnerability scanning
      • Optional: Snyk is used for dependency management (it is also acceptable for this to stay with Dependabot if there is good justification)
      • Code scanning can stay with Sonar right now, and we can evaluate whether or not Snyk can replace this in future
      • Maintenance branches are still targeted for dependency updates

      Hints:

                        Unassigned
                        Joshua Windels (joshua.windels)