DepShield plugin is an amazing idea!
I have installed it on one of my public repos (GitHub - grenader/stockInfoCollector: Financials. Stocks Info Collector) and was waiting for several days to see its work, but have got no issues or any other kind of alerts.
As it explained in Michelle’s comment to “Introducing Sonatype DepShield: Free for GitHub Developers” article, DepShield should scan my project at the plugin installation time and after every change to a pom.xml file.
Is there is a way to see what DepShield have scanned my project? Is there a history of of its executions anywhere?
One more question, I assume that once DepShield finds a vulnerability, it will create a GitHub issue. In my case it will be here: Issues · grenader/stockInfoCollector · GitHub
Is this correct?
Thank you, Igor