NihalJain commented on PR #6822: URL: https://github.com/apache/hbase/pull/6822#issuecomment-2739392848
> Keep in mind that this requires an (easily available) NVD API key not to be very slow when downloading the CVE data. That's not necessarily a show stopper for an automated process, unless it causes the build to time out. Hi @stoty Do you mean without API key the CVE data download is very slow? or do we need API key to even get started with scan? I am asking as if that's the case we may have to figure out how to keep secrets at repo level since I cannot see a setting button available at least to me (since I am not an admin of the repo). Maybe infra could help with that! Dug a little deeper. For example, pulsar already does this, here's a sample report https://github.com/apache/pulsar/actions/runs/13959424885/job/39077904067 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
