Hi all,

I would like to invite the community to review the following PR:
https://github.com/apache/iotdb/pull/16995

This PR backports and applies several workflow improvements that were previously reviewed and validated through the Apache Ratis community (Ratis PR #1328) into the IoTDB vulnerability-check workflow.

The changes include:
- Simplified workflow configuration (single runner, consolidated steps)
- Enhanced configuration (conditional execution for scheduled scans, support for NVD API key)
- Improved naming and explicit permissions for clearer semantics and least-privilege policy
- More consistent use of Maven arguments

These refinements aim to make the weekly CVE scanning workflow more maintainable, secure, and clearer in intent. The behavior from a user perspective is not affected by these changes; the focus is on CI/workflow robustness and clarity.

I’d appreciate any feedback, questions, or suggestions on the design, implementation, and workflow logic before we merge this.

Thanks in advance for your time and review!

Best regards,
Xinyu
