Niklas

I *think* this should be covered by the Kafka clients automatically, see https://www.conduktor.io/kafka/kafka-producer-retries and #70 (section "Producers"). Granted, we'll probably need to tweak and verify the configuration.

ToDo: Provide some sane defaults (e.g. reducing retry attempts to something less than MAX).

Not pursuing this anymore as a consequence of #1619

An overview diagram was added in #228. Topology diagrams are still pending currently.

Thanks again for yet another detailed and super helpful writeup (and shame on me for the late response ⚰️)! The processing semantics are definitely something we should consider more sooner...

I think we covered the vulnerability analyzer side of things, but we still need to address the repo meta analyzer and notification publisher services.

@stevespringett Thoughts on this part? > * `io.jsonwebtoken:jjwt`: `0.9.1` -> `0.12.5` > * Signing and verifying of JWTs with Alpine's SecretKey no longer worked. I'm not sure why it worked...

Hmmm yes, I was not planning to remove any of the keys. Just wondering which ones are supposed to be used for JWT signing. At the moment, the secret key...

Another option would be to re-use the secret key's content to construct a new `SecretKey` with `hmacSHA256` algorithm: ```java SecretKey originalKey = KeyManager.getInstance().getSecretKey(); // algorithm=AES SecretKey hmacKey = new SecretKeySpec(originalKey.getEncoded(),...

We log the response headers and body from Slack in `DEBUG` level. You can enable debug logging by passing the `LOGGING_LEVEL=DEBUG` environment variable. Debug logs will be quite noisy, you...