Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Figure out a way to get the apk packages dependabot'ed #24

Open
MarkIannucci opened this issue Jan 31, 2023 · 2 comments
Open

Figure out a way to get the apk packages dependabot'ed #24

MarkIannucci opened this issue Jan 31, 2023 · 2 comments

Comments

@MarkIannucci
Copy link
Owner

I suspect I need to inject them into the container in a different method (or perhaps publish the container to GHCR? I think GHCR may be the right thing to do here if it will handle the scanning for me.
@MarkIannucci
Copy link
Owner Author

MarkIannucci commented Jan 31, 2023
edited
Loading

This is especially true since the COPY from ... isn't checked by dependabot --- see #9. This is a known issue tracked in dependabot/dependabot-core#5103.

@MarkIannucci
Copy link
Owner Author

As for the problem with the apk packages, looks like we've got a start on a good workaround here...

@MarkIannucci MarkIannucci mentioned this issue Jan 31, 2023
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MarkIannucci