ccaominh opened a new pull request #9340: Change security vulnerability scan to cron job URL: https://github.com/apache/druid/pull/9340 ### Description Previously, when new CVEs were reported, the security vulnerability scan would unfortunately block PRs that did not modify any dependencies. To prevent this issue, the security scan is now run as a Travis cron job that runs on master and notifies the druid dev list if it fails. The security scan has also been added to the "apache-release" maven profile, to ensure that it passes before a release. Also adjusted some Travis CI job failure help messages to not be folded in the Travis CI job logs. After this PR is merged, I'll update the Apache Druid Travis CI settings to run a daily cronjob on master (which will run just the security scan job). <hr> This PR has: - [x] been self-reviewed. - [x] added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader. - [x] been manually tested in my fork: https://github.com/ccaominh/druid
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
