[Feature] Add dependency vulnerability audit tooling in CI or documented local workflow #7

Closed
opened 2026-07-06 11:27:04 +02:00 by zemion · 1 comment
Owner

Imported from the consolidated GovOPlaN product backlog.

  • Source: /mnt/DATA/Nextcloud/ADD ideas UG/Products/govoplan/backlog.md
  • Line: 131
  • Section: Milestones > Milestone 7 - Privacy, Governance, And Security
  • Source status: PARTIAL.

Imported backlog item:

- [ ] Add dependency vulnerability audit tooling in CI or documented local workflow.
<!-- codex-backlog-fingerprint:c9869edc62f11fc58692a489 --> Imported from the consolidated GovOPlaN product backlog. - Source: `/mnt/DATA/Nextcloud/ADD ideas UG/Products/govoplan/backlog.md` - Line: `131` - Section: `Milestones > Milestone 7 - Privacy, Governance, And Security` - Source status: `PARTIAL.` Imported backlog item: ```markdown - [ ] Add dependency vulnerability audit tooling in CI or documented local workflow. ```
zemion added this to the Milestone 7 - Privacy, Governance, And Security milestone 2026-07-06 12:57:49 +02:00
zemion added the
priority
p2
label 2026-07-08 03:03:14 +02:00
Author
Owner

Closed by adding a reproducible dependency-audit workflow and local runner. Evidence: scripts/check-dependency-audits.sh, docs/DEPENDENCY_AUDITS.md, docs/audits/2026-07-09-dependency-audit.md, and .gitea/workflows/dependency-audit.yml. The script now runs both Python and npm audits and returns failure only after both sides have reported.

Closed by adding a reproducible dependency-audit workflow and local runner. Evidence: scripts/check-dependency-audits.sh, docs/DEPENDENCY_AUDITS.md, docs/audits/2026-07-09-dependency-audit.md, and .gitea/workflows/dependency-audit.yml. The script now runs both Python and npm audits and returns failure only after both sides have reported.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-core#7
No description provided.