[
https://issues.apache.org/jira/browse/CALCITE-7260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vladimir Sitnikov updated CALCITE-7260:
---------------------------------------
Attachment: calcite_security_single_cve.png
> Add gradle/actions/dependency-submission GitHub action to track vulnerable
> dependencies
> ---------------------------------------------------------------------------------------
>
> Key: CALCITE-7260
> URL: https://issues.apache.org/jira/browse/CALCITE-7260
> Project: Calcite
> Issue Type: Improvement
> Reporter: Vladimir Sitnikov
> Priority: Major
> Attachments: calcite_security_overall.png,
> calcite_security_single_cve.png
>
>
> dependency-submission enables GitHub to track all the used dependencies and show
> CVE alerts via https://github.com/apache/calcite/security/dependabot
> It would track both runtime, test, build-time, and even build-script
> dependencies which is the right thing from my point of view.
> See
> https://github.com/actions/gradle-build-tools-actions?tab=readme-ov-file#the-dependency-submission-action
> See
> https://github.com/apache/jmeter/blob/2c17f5d2b6b0fa7e0f69dbd56785386a785c8745/.github/workflows/gradle-dependency-submit.yaml
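A sketch of the kind of workflow the issue proposes, added here as an illustration. It is not taken from the Calcite or JMeter repositories; the file name, the `main` branch trigger, and the Java version are assumptions.

```yaml
# .github/workflows/gradle-dependency-submit.yaml  (file name is an assumption)
name: Gradle dependency submission

on:
  push:
    branches: [main]   # assumption: submit only for the default branch

# The dependency submission API needs write access to repository contents.
# Declaring it at the top level keeps the token limited to this one scope.
permissions:
  contents: write

jobs:
  dependency-submission:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
        uses: actions/checkout@v4

      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: 17   # assumption: any JDK the build supports

      # Resolves the Gradle build's dependencies (including build-script and
      # plugin dependencies) and submits the graph to GitHub, which then
      # raises Dependabot alerts for known-vulnerable versions.
      - name: Generate and submit dependency graph
        uses: gradle/actions/dependency-submission@v4
```

The version tags can be replaced with full commit SHAs where the project's policy requires pinned actions.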