ghbren
@apazzolini Apologies, we missed your message earlier, and thank you for describing the caveats. Unfortunately, this will not be a very simple task. We most likely will not be able...
@CyberCowboys Although we plan to upgrade brakeman, we are not sure when it will happen yet. This upgrade will be kind of tricky, because we might need to add brakeman...
@zbuc Thank you for your PR. Your fork is out of date with master, could you update? Also, for some reason circle tests did not run with your PR. Hopefully...
Also, looks like the Semgrep upgrade will cause unit tests in `spec/lib/salus/scanners/semgrep_spec.rb` to fail. Could you do the following to fix the tests? First, update the two occurrences of `Could...
BTW, semgrep 0.60.0 just came out. Can you upgrade to 0.60?
@zbuc Thanks for the updates. I couldn't find any documentation on this permission thing with first-time PR requester? Any chance you know how to fix the permission thing?
@zbuc Just wanted to let you know I filed a ticket with GitHub on why all the ci/circleci jobs got stuck, and still waiting for their reply.
> Has there been any update from GitHub? Are you able to manually trigger the checks to run or check the settings for PRs from public forks? GitHub told us...
Hi, a `.` in the file name along with other things could be used for security exploits. Would it be possible for you to just update `REPO_PATH/.salus/salus.json` to `REPO_PATH/salus/salus.json`?
Hi @nonameyo, apologies for the late reply. Would you be able to share your package-lock.json? It will help us debug the issue. Thank you.