Good thoughts here.
I have also thought about possibly moving the list of false positives from wiki
to the website.
It could be a JSON file or whatever parsable file, and we can parse it in
JavaScript and output it as a table. At the same time we could offer simple
search/filtering both across
I know that. The question is if a new directory is populated sourced from
the current/live directory for existing segments... OR is it populated
in-place (same directory).
~ David Smiley
Apache Lucene/Solr Search Developer
http://www.linkedin.com/in/davidwsmiley
On Wed, Nov 30, 2022 at 12:37 AM
On Wed, Nov 30, 2022 at 4:36 PM Mike Drob wrote:
> From my understanding, SBOM are meaningful in the context of a release, not
> necessarily an arbitrary code point. VEX on the other hand could be updated
> between releases as information comes in about new CVEs and such. I think
> that’s an impor
Hi Arnout,
Thanks for starting this conversation, I have had similar thoughts recently
but hadn’t put them to action yet.
From my understanding, SBOM are meaningful in the context of a release, not
necessarily an arbitrary code point. VEX on the other hand could be updated
between releases as in
Hi,
We regularly get questions asking whether Solr is affected by
vulnerabilities that were disclosed for a dependency. With all the
recent enthusiasm around vulnerability scanning and SBOMs, I think we
can expect the number of such questions to rise.
Solr already does a great job of collecting