CDK third-party dependencies management #317

Closed
skinny85 opened this issue May 3, 2021 · 3 comments
Labels
status/stale The RFC did not get any significant enough progress or tracking and has become stale.

Comments

@skinny85
Contributor

skinny85 commented May 3, 2021

Description

The CDK depends on many third-party open-source libraries. Because of that, it needs to manage what happens when a security issue is found in one of them, and how we defend against supply chain attacks.

Roles

  • Driver (drives the proposal to completion): @skinny85
  • Approver(s): (assigned by CDK team)
@skinny85 skinny85 self-assigned this May 3, 2021
@eladb eladb added the status/review Proposal pending review/revision label May 18, 2021
@skinny85 skinny85 removed their assignment Jun 22, 2021
@niebloomj

What is the proposition here? Sounds interesting.

@sholtomaud

I reckon this issue should raise the question about AWS funding these 3rd party tools in a business partnership model. A tool like @feross @SocketDev could really shine here, but again, a funding and license model is key.

@mrgrain mrgrain added status/stale The RFC did not get any significant enough progress or tracking and has become stale. and removed status/review Proposal pending review/revision labels Oct 18, 2023
@mrgrain
Contributor

mrgrain commented Oct 18, 2023

Marking this RFC as stale like the associated PR. We appreciate the effort that has gone into this proposal. Marking an RFC as stale is not a one-way door. If you have made substantial changes to the proposal, please open a new issue/RFC. You might also consider raising a PR to aws/aws-cdk directly or self-publishing to Construct Hub.

@mrgrain mrgrain closed this as completed Oct 18, 2023

5 participants