Add dependency scanning template
What does this MR do?
I clicked on the menu item on GitLab Security & Compliance > Dependency List and it wasn't set up.
Apparently it's as simple as adding these two lines; see the docs at https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#configuration.
This should give us a nice list showing if we have any vulnerable versions of things. I guess it would only work for the composer deps (and I didn't see any options for including some nodejs paths... but maybe that can come later...).
How confident are you it won't break things if deployed?
I didn't even know about these include templates, and I can half imagine something doesn't quite work, but with this kind of change I think we just need to do it and see what happens. It might only really do anything on the master branch too.
Links to related issues
Checklist
- added a test, or explain why one is not needed/possible... not testable
- no unrelated changes
- asked someone for a code review
- joined #foodsharing-beta channel at https://slackin.yunity.org
- added an entry to CHANGELOG.md (description, merge request link, username(s))
- Once your MR has been merged, you are responsible to update the #foodsharing-beta Slack channel about what has been changed here. They will test your work in different browsers, roles or other settings
Edited by Nick Sellen