Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/sonatype-nexus-community/iq-merge-review-remediations

Automatically inserts component version recommendations in pull or merge requests

Topics: github, gitlab, iq, lifecycle, nexus


README

# iq-merge-review-remediations [![DepShield Badge](https://depshield.sonatype.org/badges/sonatype-nexus-community/iq-merge-review-remediations/depshield.svg)](https://depshield.github.io)

An AWS Lambda function that uses your Sonatype Nexus IQ instance to evaluate GitHub Pull Requests and/or GitLab Merge Requests from your repositories and adds inline comments suggesting the versions to which you can upgrade your vulnerable open source components.

## How to use

1. Build and upload it as an AWS Lambda function
2. Add a webhook to your repository's configuration with the following payload URL:

`?iq_url=&iq_auth=:&iq_app=&token=`

## Supported languages

* Go (Go modules)
* Java (Maven, Gradle)
* C# / .NET (NuGet)
* JavaScript / TypeScript (npm)
* Ruby (RubyGems)

## Examples

### GitHub Pull Request
https://github.com/HokieGeek/various-manifests/pull/49/files

### GitLab Merge Request
https://gitlab.com/HokieGeek/various-manifests/merge_requests/5/diffs

## The Fine Print

It is worth noting that this is **NOT SUPPORTED** by [Sonatype](//www.sonatype.com); it is a contribution from [@HokieGeek](https://github.com/HokieGeek)
and the rest of us to the open source community (read: you!)

Remember:

- Use this contribution within your own risk tolerance
- Do **NOT** file Sonatype support tickets related to this
- **DO** file issues here on GitHub, so that the community can pitch in