David Handermann created NIFI-13493:
---------------------------------------
Summary: Disable dependency-check workflow
Key: NIFI-13493
URL: https://issues.apache.org/jira/browse/NIFI-13493
Project: Apache NiFi
Issue Type: Improvement
Components: Tools and Build
Reporter: David Handermann
Assignee: David Handermann

The dependency check workflow executes the OWASP Dependency Check Maven Plugin
to evaluate project dependencies against current published vulnerabilities.
Although this provides benefits, changes in version 9 of the plugin involve
using the new NVD API, which has significant rate limits. Additional caching
options should be evaluated, but removing the workflow for now avoids false
positives. Running the dependency-check profile on a local build still provides
value, but other approaches should be evaluated for automated vulnerability
scanning.