Communicating security on the Foundation website #25
Comments
I'm not sure if it makes sense to display Users should use the latest available version as we do not support older releases anymore and the docs and website are always for the latest version. In general I am a bit confused about https://snyk.io/test/npm/lodash/4.17.0?severity=high&severity=medium&severity=low&policy=open&policy=patched which says 5 open but 0 patched but all state that there were patch releases after this which obviously resolve them. What does "patched" mean in this case and why is it 0?
Ah ok, thanks for the clarification.
So, I have some ideas on probably a better style of presenting the security state, so to speak, but in a different way than saying how many vulns. @bmvermeer will share some of what he has been working on lately and let's see if that's a more interesting way to do it.
Hi @DanielRuf, Some more information on these badges and how to create one for a specific package can be found here. Please let me know what your thoughts are around this.
Hey folks,
Liran from Snyk here 👋
We've been spending some time recently working with the community to increase the security awareness for developers. A good couple of examples of that are embedding a small widget on jsDelivr (https://www.jsdelivr.com/package/npm/lodash?version=4.17.0) and CDNjs (https://cdnjs.dev/libraries/lodash.js/4.10.0) like this:
If you wanted to follow the same on the Foundation landing page (https://get.foundation), as we're tracking some past security issues over at https://snyk.io/vuln/npm:foundation-sites, both me and @bmvermeer would be happy to work with you on it.