bossenti commented on issue #1107: URL: https://github.com/apache/streampipes/issues/1107#issuecomment-1478077810
Hi @Kshitiz-Mhto, thanks for working on this topic. I'll assign you to the issue to make it transparent. In general, it looks good I guess. The osv scanner should also be available as a GitHub Action, so no need to download it manually. We've not yet thought about how to handle the findings of the scanner, but I think your idea of a VULNERABILITY.md sounds good to me. However, it should not directly get committed but a PR would be fine to raise the proper awareness.
