fleet

mirror of https://github.com/fleetdm/fleet synced 2026-05-22 00:18:27 +00:00

History

Victor Lyuboslavsky 7458100167 Added inlined dependencies vulnerability scanning (#38729 ) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #31605 I manually scanned our inlined dependencies for vulnerabilities and did not find any relevant ones. I added a dummy directory pointing at the source of our inlined dependencies so that automated vuln scanning tools can scan them. I did not include Kolide since the code was heavily adapted and only included a few tables. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Established infrastructure for automated vulnerability scanning of inlined third-party dependencies in Go and JavaScript environments, with comprehensive documentation and configuration to enable scanning via standard tools. * Chores * Updated gitignore configuration to refine dependency file tracking across the project. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-01-26 11:24:46 -06:00
..
vuln-check	Added inlined dependencies vulnerability scanning (#38729 )	2026-01-26 11:24:46 -06:00
README.md	Updated httpsig-go library to 1.2.0 and removed vendored version. (#32426 )	2025-08-28 14:28:30 -05:00

Victor Lyuboslavsky 7458100167

Added inlined dependencies vulnerability scanning (#38729 )

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #31605

I manually scanned our inlined dependencies for vulnerabilities and did
not find any relevant ones.

I added a dummy directory pointing at the source of our inlined
dependencies so that automated vuln scanning tools can scan them. I did
not include Kolide since the code was heavily adapted and only included
a few tables.



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Established infrastructure for automated vulnerability scanning of
inlined third-party dependencies in Go and JavaScript environments, with
comprehensive documentation and configuration to enable scanning via
standard tools.

* **Chores**
* Updated gitignore configuration to refine dependency file tracking
across the project.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

2026-01-26 11:24:46 -06:00

vuln-check

Added inlined dependencies vulnerability scanning (#38729 )

2026-01-26 11:24:46 -06:00

README.md

Updated httpsig-go library to 1.2.0 and removed vendored version. (#32426 )

2025-08-28 14:28:30 -05:00

README.md

This directory is for vendored third party libraries. See: https://github.com/fleetdm/fleet/blob/main/docs/Contributing/adr/0004-third-party-vendoring.md