Thank you for improving our process for vulnerable dependencies.
> As a next step we can work on making it email the dev list when it fails
+1 - I like this proposal. It will ensure that we have enough
visibility to remediate vulnerabilities quickly.
Thanks,
Michael
On Mon, Jan 31, 2022 at 3:07
Great idea
I will review the PRs
Thanks
Enrico
On Mon, 31 Jan 2022, 21:33 Andrey Yegorov wrote:
> Hello,
>
> As a final step in the series of PRs to upgrade old dependencies with
> various CVEs (by Nicolo and me) I added a PR that introduces an extra check on
> pom.xml file changes: it will
Hello,
As a final step in the series of PRs to upgrade old dependencies with
various CVEs (by Nicolo and me) I added a PR that introduces an extra check on
pom.xml file changes: it will run OWASP dependency check and fail if any
CVE level >= 7 is detected.
Please review this PR https://github.com/ap