Comments (6)

nelsonic avatar nelsonic commented on July 25, 2024 4

@Y-LyN-10 good question/suggestion. 🤔
as much as it pains me that Node Security Platform has been "rolled into NPM"
(meaning there is no longer an NSP Badge) it's a reality we all have to live with.

I really like what @guypod is doing with Snyk.
They have assembled a great team of people to build the product;
@remy is easily one of the best JS devs in the world! He is a "Mida"! 😮 ⭐️
Snyk is a well-documented/maintained library https://github.com/snyk/snyk

As a side note, Guy's Podcast, "The Secure Developer" is a "must" for all devs!
subscribe if you aren't already: https://www.heavybit.com/library/podcasts/the-secure-developer 🥇

from repo-badges.

Y-LyN-10 avatar Y-LyN-10 commented on July 25, 2024 2

Is snyk an appropriate alternative?

nelsonic avatar nelsonic commented on July 25, 2024 2

https://twitter.com/snyksec/status/1067283633805959168
Berkmann18 avatar Berkmann18 commented on July 25, 2024 1

According to their newsletter and Twitter feed, NSP's service is now integrated into NPM and thus audits could be done by using npm audit and vulnerabilities are shown for vulnerable packages being installed.
Not sure if that's what Github uses too for vulnerability checks.

As for the badge (which brought me here), I have no idea what will replace the defunct NSP badge.

nelsonic avatar nelsonic commented on July 25, 2024 1
  1. Visit: https://snyk.io

01-snyk-home-page

  1. Click the "Signup with GitHub" button/link:

02-snyk-signup

  1. Click the button to "Authorise Snyk":

03-snyk-authorise

  1. Click to "Connect with GitHub":

04-snyk-integrations-select-github

  1. Again click "Connect with GitHub":

05-connect-to-github

  1. By default Snyk requests access to both public and private repos.
    Select whatever is relevant to you and continue:

06-snyk-wants-private-repos-by-default

  1. I selected only public repositories as I always follow the "principle of least privilege":

07-snyk-select-public-repos-only

  1. Confirm the access that Snyk is requesting:

08-snyk-authorise

  1. Connect Snyk to a GitHub Repository:

09-snyk-connect-to-github-repo

  1. Select the desired repository: (in this case hapi-auth-jwt2 ...)

10-snyk-select-desired-repo

  1. Add selected repo:

11-snyk-add-1-selected-repository

  1. Wait for the repo to be imported by Snyk:

12-snyk-importing

  1. Once the repo has finished importing, refresh the page to see your dashboard:

13-snyk-finished-securing

  1. From the Snyk dashboard, click on the project you want to view:

14-snyk-dashboard-projects

  1. Copy the Snyk "Badge" for inclusion in your project:

15-snyk-project-page

Badge Format:

[![Known Vulnerabilities](https://snyk.io/test/github/{username}/{repo}/badge.svg)](https://snyk.io/test/github/{username}/{repo})

Official Badge: Known Vulnerabilities

[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)

Flat Square: Known Vulnerabilities

[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)

Going to PR this change now.

nelsonic avatar nelsonic commented on July 25, 2024

@getaaron do you have a suggestion?
It's unclear from the statement if NPM will include the service in their offering ... 🤔
