For those of you that don't know me, I work in the Global Security Team @ Trimble and started the security program back in 2015.
I'm also the assigned Mend Expert for Trimble and participate regularly in Mend's Advisory Board meetings.
TL;DR - we are activating Mend Renovate across all repos in E-Tools GitHub + Bitbucket.
The work is being done in conjunction with Mend, including Rhys Arkins (inventor of Renovate, now head of SCA+SAST@Mend) and other lead technical staff from Mend. I had the pleasure of meeting Rhys in person recently and he's happy to help us get the most out of the solution.
Initially it will be in what we're calling "silent mode" (i.e. no PRs for remediating vulnerable or outdated libraries) and will not require any intervention by teams. The aim of the first phase is to get a baseline of vulnerability info for everything sitting in the repos.
There will be a LOT more information available to teams as we progress this work, but I wanted to make people aware of this now as I often see people activating the open source edition of Renovate.
Reach out to me ([email protected]) if you have any questions.