Great idea, I will review the PRs.

Thanks
Enrico

On Mon, Jan 31, 2022, 21:33 Andrey Yegorov <andrey.yego...@datastax.com> wrote:

> Hello,
>
> As a final step in the series of PRs to upgrade old dependencies with
> various CVEs (by Nicolo and I) I added a PR that introduces an extra check on
> pom.xml file changes: it will run OWASP dependency check and fail if any
> CVE level >= 7 is detected.
>
> Please review this PR https://github.com/apache/pulsar/pull/13972 and one
> more pending fix from Nicolo: https://github.com/apache/pulsar/pull/13943
>
> There is an existing workflow that runs daily but it has limited visibility
> at the moment:
>
> https://github.com/apache/pulsar/actions/workflows/ci-owasp-dependency-check.yaml
>
> As a next step we can work on making it email the dev list when it fails
> but the check on PR when pom files change will be more immediately visible.
>
> Similar changes are pending for BookKeeper.
>
> --
> Andrey Yegorov
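
A pull-request check of the kind described in the quoted message, sketched as a GitHub Actions workflow. This is an added example, not the workflow from the linked PR; the workflow and job names, the JDK version, the action versions and the report path are assumptions.

```yaml
# Hypothetical workflow: run OWASP dependency-check only when a pom.xml changes,
# and fail the PR if any dependency has a CVE with CVSS score >= 7.
name: owasp-dependency-check-on-pom-change   # assumed name

on:
  pull_request:
    paths:
      - '**/pom.xml'        # trigger only on Maven build file changes

permissions:
  contents: read            # least privilege: the check only needs to read the repo

jobs:
  dependency-check:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - name: Check out the PR
        uses: actions/checkout@v4

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'  # assumed; use the JDK the project builds with
          cache: maven

      - name: Run OWASP dependency-check
        # failBuildOnCVSS makes the Maven build (and so the PR check) fail
        # when a finding has a CVSS score at or above the given threshold.
        run: >
          mvn -B -ntp
          org.owasp:dependency-check-maven:check
          -DfailBuildOnCVSS=7

      - name: Upload report
        # Keep the HTML report even when the check fails, so reviewers
        # can see which dependency and CVE triggered the failure.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: dependency-check-report
          path: '**/target/dependency-check-report.html'
```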