manuzhang opened a new pull request, #16674: URL: https://github.com/apache/iceberg/pull/16674
## Summary

- Add PR path filters to the CVE Scan workflow
- Trigger CVE Scan for build, dependency, Gradle, scan, and workflow configuration changes
- Avoid running the bundled artifact CVE scan for ordinary source-only PRs

## Why

The CVE Scan workflow builds bundled runtime artifacts and scans those artifacts for dependency vulnerabilities. Source-only changes typically do not affect the dependency set being scanned, so running the full matrix on every PR adds CI cost without improving CVE coverage.

## Validation

- Parsed `.github/workflows/cve-scan.yml` with Ruby YAML
- `git diff --check`
- `git diff --check upstream/main..HEAD`

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
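A reviewer-side check for a filter like the one described above, added here as an example and not taken from the PR: it decides whether a set of changed files would trigger the scan and lists dependency-looking files the filter would let through unscanned. The patterns in `SCAN_PATHS`, the `DEP_HINT` heuristic and the sample file names are assumptions, and only the `*`, `**` and leading `!` subset of GitHub's path-filter syntax is modelled.

```python
import re

# Assumed filter list; the PR's actual patterns are not shown on this page.
SCAN_PATHS = [
    ".github/workflows/cve-scan.yml",
    "**/*.gradle",
    "gradle/**",
    "gradle.properties",
]

# Hypothetical heuristic for "this file probably changes the dependency set".
DEP_HINT = re.compile(r"gradle|versions|dependenc|\.lock$", re.IGNORECASE)


def to_regex(pattern):
    """Translate a glob: '*' stops at '/', '**' crosses directories."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out)


def file_matches(path, patterns=SCAN_PATHS):
    """Later patterns override earlier ones; '!' excludes a prior match."""
    matched = False
    for p in patterns:
        negate = p.startswith("!")
        if to_regex(p[1:] if negate else p).fullmatch(path):
            matched = not negate
    return matched


def scan_triggers(changed, patterns=SCAN_PATHS):
    """The workflow runs if at least one changed file matches the filter."""
    return any(file_matches(f, patterns) for f in changed)


def coverage_gaps(changed, patterns=SCAN_PATHS):
    """Dependency-looking files that would not trigger the scan."""
    return [f for f in changed
            if DEP_HINT.search(f) and not file_matches(f, patterns)]
```

Running `coverage_gaps` over the changed-file lists of recent merged PRs shows which dependency-affecting paths the filter still needs to cover.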
