Comments (8)
ruromero
commented on June 23, 2024
Hi @rubensa
It's also available in the GA repository
You have to add the GA Red Hat Repository to your Maven repositories in the settings.xml file, you can find the instructions here
from fabric8-analytics-vscode-extension.
rubensa
commented on June 23, 2024
@ruromero Thanks for the info
But the thing is, why the extension is proposing a fix for a 0 vulnerabilities package and the proposed package is not from maven central but from other repository (whereas the original one is in maven central)?
And, where is the source code and changeset for the proposed Red Hat package version to check if that change makes sense or not?
from fabric8-analytics-vscode-extension.
ruromero
commented on June 23, 2024
Hi @rubensa
It's a recommendation of a Red Hat alternative that will bring you better support and more frequent patches. You can expect vulnerabilities to be reported earlier in RH supported packages and be notified about vulnerable packages from the Red Hat security data feeds.
Besides, packages pushed to the RH repository have been certified and signed by RH whereas Maven Central can host any package from any developer.
The source code is also available in the RH repository but we're not providing the specific changeset that justifies in any way any functional benefit of using it.
That's why it is underlined in blue, meaning that it's just a suggestion.
from fabric8-analytics-vscode-extension.
rubensa
commented on June 23, 2024
@ruromero
Thank you for the info.
Could you provide me the URL for the RH repository with the source code?
from fabric8-analytics-vscode-extension.
ruromero
commented on June 23, 2024
Definitely! In the same Maven repository you can find all the sources.
This is the source code of the artifact mentioned in the issue com.google.findbugs:jsr305:3.0.2.redhat-00018
from fabric8-analytics-vscode-extension.
rubensa
commented on June 23, 2024
Thanks @ruromero but was meaning the source code repository (GitHub or something?) 😓
from fabric8-analytics-vscode-extension.
ruromero
commented on June 23, 2024
For this specific package I honestly don't know. The pom says the source control management is at http://findbugs.googlecode.com/svn/trunk/ but this link is not working.
from fabric8-analytics-vscode-extension.
rubensa
commented on June 23, 2024
I think that is cause the code in googlecode repository is now archived: https://code.google.com/archive/p/findbugs/source/default/source
It was, at sometime, moved to GitHub: https://github.com/findbugsproject/findbugs
But currently, the development is done in new GitHub project: https://github.com/spotbugs/spotbugs
The thing here is that, all those source code repositories, are for the original project code, not the RedHat "modified" code...
from fabric8-analytics-vscode-extension.
Related Issues (20)
- Invalid purl: "versions" argument must be a string. HOT 2
- [BUG] maven.executable.path not used anymore HOT 4
- maven project with parent-pom maybe have problem HOT 1
- [BUG]
- [BUG] Still maintained? Please fix annoying error notification on NodeJS project HOT 4
- [BUG] request to https://exhort.stage.devshift.net/api/v4/analysis failed, reason: self signed certificate in certificate chain HOT 6
- Private GitHub Registry Support HOT 1
- [BUG] RHDA is attempting to put a slash at the beginning of the path to my POM, causing the help:effective-pom mvn command to fail HOT 19
- Add analysis tree-view in the VSCode sidebar
- [BUG] invalid json response body at https://rhda.rhcloud.com/api/v4/analysis HOT 3
- request to https://rhda.rhcloud.com/api/v4/analysis failed, reason: unable to get issuer certificate HOT 1
- [BUG] rhda.rhcloud.com certificate expired HOT 1
- [BUG] Long loop error with warning notification HOT 3
- Extension host terminated unexpectedly 3 times within the la HOT 1
- [BUG] Server initialization failed with out of memory HOT 1
- [BUG] Connection fail when using behing a corporate proxy (request to https://rhda.rhcloud.com/api/v4/analysis failed, reason: read ECONNRESET) HOT 2
- [BUG] cannot contribute: npm install fails with 401 Unauthorized HOT 1
- [BUG] Update vscode-redhat-telemetry to 0.8.0 HOT 2
- npm error code ELSPROBLEMS
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fabric8-analytics-vscode-extension.