@lhotari
Member

@lhotari lhotari commented Mar 1, 2022

Motivation

  • OWASP dependency check shouldn't be a required check
    • when a new vulnerability occurs, it blocks all PRs that change pom.xml
      files if this check is a required check.

Modifications

  • remove owasp-dep-check from required checks

@lhotari lhotari added area/build doc-not-needed Your PR changes do not impact docs area/ci labels Mar 1, 2022
@lhotari lhotari requested a review from michaeljmarshall March 1, 2022 12:35
@lhotari lhotari self-assigned this Mar 1, 2022
@lhotari lhotari requested a review from eolivelli March 1, 2022 13:53
@lhotari
Member Author

lhotari commented Mar 1, 2022

It seems that owasp-dep-check has never cleanly passed and this blocks PRs which make pom.xml changes. Example of blocked PR: #14509.
More details of owasp-dep-check issue.

Contributor

@eolivelli eolivelli left a comment

makes sense

@eolivelli eolivelli merged commit 8ec2954 into apache:master Mar 1, 2022
Nicklee007 pushed a commit to Nicklee007/pulsar that referenced this pull request Apr 20, 2022
- OWASP dependency check shouldn't be a required check
  - when a new vulnerability occurs, it blocks all PRs that change pom.xml
    files if this check is a required check.