hpvd
@alexku7 would be happy to see the statistics when scanning upcoming v2.8 with the same tool (white source)!
just another topic for optimizing code quality and security further: Use Automatic Fuzzing to find bugs (e.g. as part of CI / via github action) https://github.com/apache/pulsar/issues/12789 -> with the latest...
just learned about GitHub's dependency graph. When looking into it for pulsar, there are - 200+ dependencies found - many of these are somehow outdated and newer versions are...
just to have a first impression without having to leave this issue: | def | number of dependencies | | --- | --- | | Dependencies defined in pom.xml |...
With this high number of dependencies of all kinds and different ages the main question that is bothering me: => Is it enough (or at least the best thing we...
just to show numbers are constantly growing (yes this is no statistic ;-) only good to transport the feeling...) from yesterday to today: one more dependency was introduced | def...
many thanks for your answer, additional details and advice! Will bring some points to the list within the next weeks... btw: does anybody look at pulsar with a tool like...
another interesting topic in this field of automatic security scanning: Automatic Scan for CWEs (additional to CVEs) https://github.com/apache/pulsar/issues/17069
just to visualize/summarize the current state: our current procedure/routine seems to **miss 35 _fixable_ vulnerabilities (CVE)** when releasing latest version 2.10.2 okay, a (very) few less if - not all...