Add workflow for security governance for packages
peterhessey opened this issue · 0 comments
peterhessey commented
Feature
A GitHub workflow that regularly runs to check for security issues with any packages existing in environment.yml. It should run regularly (e.g. weekly) as well as on any new PRs. It should fail if any critical packages are found. Dependabot may provide some or all of the necessary functionality here.
Motivation
A similar suite of checks in the private MSR repo for IE-DL (which uses this repo as a submodule) is failing due to security concerns around packages used in this env.
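The gating logic the issue asks for (read the pinned packages out of environment.yml, match them against an advisory feed, exit non-zero when anything at or above the chosen severity is present) is small enough to sketch. The script below is an added example, not code from this repository or from Dependabot. The environment.yml content and the advisory table (including the EXAMPLE-ADV-* ids) are constructed for illustration; in a real scheduled or PR-triggered GitHub Actions job the advisory table would be replaced by the output of a scanner such as `pip-audit` or the Dependabot alerts API, and the script's exit code is what makes the job fail.

```python
"""Parse a conda environment.yml and fail when a pinned package matches a
critical advisory. Added example with a constructed advisory table; not the
project's own tooling."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample environment.yml (names and versions are illustrative only).
SAMPLE_ENV = """\
name: ie-dl-env
channels:
  - conda-forge
dependencies:
  - python=3.9
  - numpy=1.21.0
  - pip
  - pip:
    - requests==2.25.1
    - pyyaml==5.3.1
"""

# Constructed advisory table standing in for a real feed (pip-audit output,
# Dependabot alerts, ...). Values are (affected_version, severity, advisory_id).
SAMPLE_ADVISORIES: Dict[str, List[Tuple[str, str, str]]] = {
    "pyyaml": [("5.3.1", "CRITICAL", "EXAMPLE-ADV-0001")],
    "requests": [("2.25.1", "MODERATE", "EXAMPLE-ADV-0002")],
}

SEVERITY_RANK = {"LOW": 1, "MODERATE": 2, "HIGH": 3, "CRITICAL": 4}

# name followed by a conda (=) or pip (==, >=, <=, ~=) version operator
PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*(?:={1,2}|>=|<=|~=)\s*([^\s,]+)")


@dataclass(frozen=True)
class Dependency:
    name: str
    version: Optional[str]  # None when the spec carries no version pin
    source: str             # "conda" or "pip"


def parse_environment_yml(text: str) -> List[Dependency]:
    """Extract dependencies from the top-level `dependencies:` block.

    Deliberately minimal (no PyYAML dependency): it handles conda specs such as
    `numpy=1.21.0` or a bare `pip`, and a nested `- pip:` list of pip specs.
    """
    deps: List[Dependency] = []
    in_deps = in_pip = False
    pip_indent = 0
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        stripped = line.strip()
        if indent == 0:                       # a new top-level key
            in_deps = stripped == "dependencies:"
            in_pip = False
            continue
        if not in_deps or not stripped.startswith("- "):
            continue
        item = stripped[2:].strip()
        if item == "pip:":                    # start of the nested pip list
            in_pip, pip_indent = True, indent
            continue
        if in_pip and indent <= pip_indent:   # back out of the pip list
            in_pip = False
        source = "pip" if in_pip else "conda"
        m = PIN_RE.match(item)
        if m:
            deps.append(Dependency(m.group(1).lower(), m.group(2), source))
        else:
            deps.append(Dependency(item.split()[0].lower(), None, source))
    return deps


def audit(deps: List[Dependency], advisories) -> List[Tuple[str, str, str, str]]:
    """Return (name, version, severity, advisory_id) for every exact-version match."""
    findings = []
    for dep in deps:
        for affected, severity, adv_id in advisories.get(dep.name, []):
            if dep.version == affected:
                findings.append((dep.name, dep.version, severity, adv_id))
    return findings


def gate(findings, fail_at: str = "CRITICAL") -> int:
    """Exit status for CI: 1 if any finding is at or above `fail_at`, else 0."""
    threshold = SEVERITY_RANK[fail_at]
    return 1 if any(SEVERITY_RANK[sev] >= threshold for _, _, sev, _ in findings) else 0


def main(argv: List[str]) -> int:
    # Usage: python audit_env.py [path/to/environment.yml]; defaults to the sample.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_ENV
    findings = audit(parse_environment_yml(text), SAMPLE_ADVISORIES)
    for name, version, severity, adv_id in findings:
        print(f"{severity:<9} {name}=={version}  ({adv_id})")
    code = gate(findings)
    print("FAIL: critical advisory present" if code else "OK: no critical advisories")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The severity threshold is a parameter of `gate` so the same script can fail weekly runs on CRITICAL only while a PR check is tightened to HIGH; matching is on exact pinned versions, which is what a reproducible environment.yml should contain anyway, and unpinned entries (version `None`) never match, so they would need a separate policy check.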