Problem Description:
- Currently, we lack an automated process to verify and ensure that the versions of security test tools defined in the `config.yml` file are up-to-date.
Steps to Reproduce:
Expected Behavior:
- We need a GitHub Actions workflow that checks the versions of security test tools specified in our `config.yml` file against the latest available versions.
Current Behavior:
- The versions of security test tools in our `config.yml` may become outdated over time, potentially leading to security vulnerabilities or issues in the testing process.
Proposed Changes:
- Implement a GitHub Actions workflow that runs periodically or on pull requests.
- The workflow should extract the tool versions from the `config.yml` file and compare them against the latest versions available.
- If any tool version is outdated, the workflow should create a new GitHub issue to inform maintainers about the outdated tool and suggest an update.
Dependencies:
- GitHub Actions must be enabled for the repository.
- The workflow should include steps to parse the `config.yml` file and compare versions.
Testing:
- Test the GitHub Actions workflow on a branch or forked repository to ensure it accurately detects outdated tool versions.
Documentation Updates:
- Update the project documentation to inform contributors and maintainers about the new GitHub Actions workflow and its purpose.
Expected Impact:
- The implementation of this workflow ensures that our security test tools are always using the latest versions, enhancing the security posture of the project.
Environment:
- GitHub Actions: Enabled
- Config File: `.github/workflows/tools_version_check.yml`
Note: Please ensure that the necessary permissions and API tokens are configured for GitHub Actions to access the repository and create issues.
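
One way to implement the comparison step from "Proposed Changes", as an added example that is not part of the original issue or the project's code. It assumes the pinned versions have already been read from `config.yml` into a name-to-version mapping and the latest versions fetched in an earlier step; the tool names, versions and function names are constructed for illustration.

```python
import re

# Constructed sample data (assumption): tool names and versions are invented,
# standing in for values parsed from config.yml and fetched upstream.
PINNED = {"scanner-a": "1.9.0", "linter-b": "v2.4", "fuzzer-c": "main"}
LATEST = {"scanner-a": "v1.10.0", "linter-b": "2.4.0", "fuzzer-c": "0.3.1"}


def parse_version(text):
    """Turn 'v1.10.0' or '2.4' into a tuple of ints for numeric comparison."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if match is None:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_outdated(pinned, latest):
    """True when pinned is strictly older; '2.4' and '2.4.0' count as equal."""
    a, b = parse_version(pinned), parse_version(latest)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def find_outdated(pinned_tools, latest_tools):
    """Return (outdated, unchecked); unchecked tools need a human look."""
    outdated, unchecked = [], []
    for name in sorted(pinned_tools):
        try:
            if is_outdated(pinned_tools[name], latest_tools[name]):
                outdated.append((name, pinned_tools[name], latest_tools[name]))
        except (KeyError, ValueError):
            # Floating refs ("main") or missing upstream data cannot be compared;
            # report them instead of treating them as current.
            unchecked.append(name)
    return outdated, unchecked


def issue_text(name, pinned, latest):
    """Title and body for the GitHub issue the workflow would open."""
    title = f"Update {name}: {pinned} -> {latest}"
    body = (f"`config.yml` pins {name} at {pinned}; the latest release is "
            f"{latest}. Please review the changelog and update the pin.")
    return title, body


if __name__ == "__main__":
    outdated, unchecked = find_outdated(PINNED, LATEST)
    for entry in outdated:
        print(*issue_text(*entry), sep="\n")
    print("could not check:", unchecked)
```

Because the title is deterministic, the workflow can search open issues for it before creating a new one, so repeated scheduled runs do not file duplicates.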