DepShield execution history


#1

Hi,

DepShield plugin is an amazing idea!

I have installed it on one of my public repos (GitHub - grenader/stockInfoCollector: Financials. Stocks Info Collector) and was waiting for several days to see its work, but have got no issues or any other kind of alerts.
As explained in Michelle’s comment on the “Introducing Sonatype DepShield: Free for GitHub Developers” article, DepShield should scan my project at the plugin installation time and after every change to a pom.xml file.
Is there a way to see that DepShield has scanned my project? Is there a history of its executions anywhere?
One more question, I assume that once DepShield finds a vulnerability, it will create a GitHub issue. In my case it will be here: Issues · grenader/stockInfoCollector · GitHub
Is this correct?

Thank you, Igor


#2

Hi Igor,

I can see that your project is processing successfully and all that you are missing is the badge. See this link here for details on adding your badge to your README.md.

Your badge url: https://depshield.sonatype.org/badges/grenader/stockInfoCollector/depshield.svg

I can see, now that you raise this, that some of the initial pages one would see for DepShield don’t directly call out the badge, which is the only feedback one will get in a project with zero vulnerabilities! We’ll look at clearing that up. Thanks for the message!

/Collin
Sonatype


#3

Hey Igor,

We’ve made some changes to the installation landing page (Getting Started) which hopefully clarify how to use the badges. If you have any feedback please let us know here.

https://depshield.github.io/#/welcome

Thanks!
Justin Young


#4

Thank you guys, this is much better now!