Warning level depends on your cve policy. Basically, SkyWalking only runs groovy on trusted scripts(written by community and previewed). But, still, it depends.
Sheng Wu 吴晟 Apache SkyWalking Twitter, wusheng1108 Forrest Wang <forrest.wang@woo.network.invalid>于2024年4月22日 周一10:23写道: > Hi Community: > When I build Skywalking-java locally, Code Analysis of git show > the following warning: > Warning:(53, 9) Provides transitive vulnerable dependency > maven:com.google.guava:guava:31.1-android CVE-2023-2976 7.1 Files or > Directories Accessible to External Parties vulnerability with High severity > found Results powered by Checkmarx(c) > Can you help to check if this is really a problem or not? > > Picture: > > > B.R.
