potiuk commented on pull request #10668: URL: https://github.com/apache/airflow/pull/10668#issuecomment-684014007
> Looks good to me - will report back what Snyk thinks of Airflow w/ these files removed, once this PR is merged :)

Yep. I am always interested in those scanners. I used BlackDuck quite heavily (including building some automation around it) and it was a pretty traumatic experience. The number of false positives and the amount of unhelpful information was staggering. Maybe because it was on Android Lollipop source code (460+ Open Source repositories to scan), but I am not trusting those scanners too much - especially not believing in the "magic" they say they do. Often they fail at a basic understanding of what is a real requirement and what they think it is.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
