This is an automated email from the ASF dual-hosted git repository.

zehnder pushed a commit to branch 3850-remove-duplicate-vulnerability-scanning
in repository https://gitbox.apache.org/repos/asf/streampipes.git


The following commit(s) were added to 
refs/heads/3850-remove-duplicate-vulnerability-scanning by this push:
     new 157339f4b6 fix(#3850): Remove osv scanner action
157339f4b6 is described below

commit 157339f4b6c07fdf5f8f76dafe7d8d697fbae937
Author: Philipp Zehnder <[email protected]>
AuthorDate: Fri Oct 17 10:05:59 2025 +0200

    fix(#3850): Remove osv scanner action
---
 .github/workflows/osv-scanner.yml | 54 ---------------------------------------
 VULNERABILITY.md                  | 11 --------
 2 files changed, 65 deletions(-)

diff --git a/.github/workflows/osv-scanner.yml 
b/.github/workflows/osv-scanner.yml
deleted file mode 100644
index e3ffcd840f..0000000000
--- a/.github/workflows/osv-scanner.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-name: OSV Scanner
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 0 1 * *"
-
-jobs:
-  run-osv-scanner:
-    name: Run OSV Scanner
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
-      - name: Pull OSV Scanner Docker image
-        run: docker pull ghcr.io/google/osv-scanner:latest
-
-      - name: Scan for vulnerabilities
-        run: |
-          echo -e '<!--\n  ~ Licensed to the Apache Software Foundation (ASF) 
under one or more\n  ~ contributor license agreements.  See the NOTICE file 
distributed with\n  ~ this work for additional information regarding copyright 
ownership.\n  ~ The ASF licenses this file to You under the Apache License, 
Version 2.0\n  ~ (the "License"); you may not use this file except in 
compliance with\n  ~ the License.  You may obtain a copy of the License at\n  
~\n  ~    http://www.apache.org/lic [...]
-          docker run --rm -v $PWD:/repo -w /repo ghcr.io/google/osv-scanner 
--format markdown -r . 2>&1 | grep -vE '^((Scanning|Scanned|Failed).*)$' >> 
VULNERABILITY.md
-        continue-on-error: true
-
-      - name: Create Pull Request
-        id: cpr
-        uses: peter-evans/create-pull-request@v7
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          committer: github-actions[bot] 
<41898282+github-actions[bot]@users.noreply.github.com>
-          author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor 
}}@users.noreply.github.com>
-          signoff: true
-          title: Monthly update of vulnerability report
-          commit-message: monthly update of vulnerability report
-          body: |
-            Update *Vulnerablity* report
-          delete-branch: true
-          reviewers: 
"dominikriemer,tenthe,svenO3,smlabt,grainier,RobertIndie,bossenti"
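Review bot: the branch name and commit message describe this job as a duplicate, but nothing in the diff identifies the workflow that now provides the same coverage, namely a scheduled (`cron: "0 0 1 * *"`) OSV scan over the whole checkout (`-r .`) spanning the Maven, PyPI and npm manifests, with results pushed as a reviewable pull request to the listed reviewers. Please name the surviving scanner workflow in the commit message or PR description so reviewers can confirm that dependency-vulnerability scanning does not regress silently once this file is gone.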
diff --git a/VULNERABILITY.md b/VULNERABILITY.md
deleted file mode 100644
index 00255213a5..0000000000
--- a/VULNERABILITY.md
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--\n  ~ Licensed to the Apache Software Foundation (ASF) under one or more\n 
 ~ contributor license agreements.  See the NOTICE file distributed with\n  ~ 
this work for additional information regarding copyright ownership.\n  ~ The 
ASF licenses this file to You under the Apache License, Version 2.0\n  ~ (the 
"License"); you may not use this file except in compliance with\n  ~ the 
License.  You may obtain a copy of the License at\n  ~\n  ~    
http://www.apache.org/licenses/LICENSE-2.0\n [...]
-| OSV URL | CVSS | Ecosystem | Package | Version | Source |
-| --- | --- | --- | --- | --- | --- |
-| https://osv.dev/GHSA-6mjq-h674-j845 | 6.5 | Maven | io.netty:netty-handler | 
4.1.72.Final | pom.xml |
-| https://osv.dev/GHSA-w596-4wvx-j9j6<br/>https://osv.dev/PYSEC-2022-42969 | 
7.5 | PyPI | py | 1.11.0 | streampipes-client-python/poetry.lock |
-| https://osv.dev/GHSA-269g-pwp5-87pp | 4.4 | Maven | junit:junit (dev) | 
4.8.2 | streampipes-maven-plugin/pom.xml |
-| https://osv.dev/GHSA-4943-9vgg-gr5r | 6.1 | npm | quill | 1.3.7 | 
ui/package-lock.json |
-| https://osv.dev/GHSA-f5x3-32g6-xq36 | 6.5 | npm | tar (dev) | 6.2.0 | 
ui/package-lock.json |
-| https://osv.dev/GHSA-9qxr-qj54-h672 | 2.6 | npm | undici (dev) | 6.7.1 | 
ui/package-lock.json |
-| https://osv.dev/GHSA-m4v8-wqvr-p9f7 | 3.9 | npm | undici (dev) | 6.7.1 | 
ui/package-lock.json |
-| https://osv.dev/GHSA-8jhw-289h-jh2g | 5.9 | npm | vite (dev) | 5.1.5 | 
ui/package-lock.json |
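Review bot: deleting VULNERABILITY.md drops the published report and the findings it lists (for example `io.netty:netty-handler 4.1.72.Final` and `py 1.11.0`), but the diff touches no other file, so any README, website page or security policy that links to VULNERABILITY.md is left pointing at a removed file. Please search the repository for references to `VULNERABILITY.md` and update them, and state in the PR that the findings in this table are tracked by the replacement scanner before the report is removed.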