[
https://issues.apache.org/jira/browse/NIFI-13493?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Witt updated NIFI-13493:
----------------------------
Fix Version/s: 2.0.0-M5
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Disable dependency-check workflow
> ---------------------------------
>
> Key: NIFI-13493
> URL: https://issues.apache.org/jira/browse/NIFI-13493
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 2.0.0-M5
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The dependency check workflow executes the OWASP Dependency Check Maven
> Plugin to evaluate project dependencies against current published
> vulnerabilities. Although this provides benefits, changes in version 9 of the
> plugin involve using the new NVD API which has significant rate limits.
> Additional caching options should be evaluated, but removing the workflow for
> now avoids false positives. Running the dependency-check profile on a local
> build still provides value, but other approaches should be evaluated for
> automated vulnerability scanning.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
