dependency-track
dependency-track copied to clipboard
DependencyTrack
GHSA - Github Security Advisories - Multiple mirroring updates of GHSA
We are subscribes to GHSA and getting many mirroring updates of the GHSA in log:
2022-07-27 23:41:04,684 INFO [GitHubAdvisoryMirrorTask] Starting GitHub Advisory mirroring task 2022-07-27 23:41:07,456 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:11,471 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:14,865 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:18,202 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:21,405 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:24,823 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:28,219 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:31,585 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:35,074 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:38,661 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:41,804 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:45,267 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories 2022-07-27 23:41:51,661 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories
We get lot of Notification Mirror Notification emails (upto 100) - is it by design? What is a reason of that updates? NVD and EPSS are once a day only...
Thanks in advance,
Thanks for reporting. We should definitely reduce the noise and only report this once.
