Design: Detect vulnerabilities in vendored JavaScript libraries using Gemnasium

Proposal

Retire.js is able to report vulnerabilities affecting JavaScript files detected in the scanned directory, including minified JS libraries, but Gemnasium is currently unable to do that. This feature should be ported to the gemnasium project, in order to increase velocity and reduce maintenance cost.

To be split into 3 issues or more, to cover these:

  • extend the schema of the vulnerability database
  • feed the vulnerability database
  • update Gemnasium to process the new data, and find vulnerabilities in vendored libraries

See &7186

Auto-Summary 🤖

Discoto Usage

Points

Discussion points are declared by headings, list items, and single lines that start with the text (case-insensitive) point:. For example, the following are all valid points:

  • #### POINT: This is a point
  • * point: This is a point
  • + Point: This is a point
  • - pOINT: This is a point
  • point: This is a **point**

Note that any markdown used in the point text will also be propagated into the topic summaries.

Topics

Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline.

Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with (case-insensitive) topic:. For example, the following are all valid topics:

  • # Topic: Inline discussion topic 1
  • ## TOPIC: **{+A Green, bolded topic+}**
  • ### tOpIc: Another topic

Quick Actions

Action Description
/discuss sub-topic TITLE Create an issue for a sub-topic. Does not work in epics
/discuss link ISSUABLE-LINK Link an issuable as a child of this discussion

Last updated by this job

Discoto Settings 
---
summary:
  max_items: -1
  sort_by: created
  sort_direction: ascending

See the settings schema for details.

Edited by Olivier Gonzalez