Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove redundant owasp dependency audit tool #7581

Merged
merged 2 commits into from
Feb 4, 2025
Merged

Remove redundant owasp dependency audit tool #7581

merged 2 commits into from
Feb 4, 2025

Conversation

albin-mullvad
Copy link
Collaborator

@albin-mullvad albin-mullvad commented Feb 3, 2025
edited
Loading

The OWASP DependencyCheck plugin is now being removed in favor of osv-scanner (which is used repo-wide). We've run both for a period of time and now deem it to work well enough to no longer need both.

This change is Reviewable

@albin-mullvad albin-mullvad added the Android Issues related to Android label Feb 3, 2025
@albin-mullvad albin-mullvad self-assigned this Feb 3, 2025
@linear Linear
Copy link

linear bot commented Feb 3, 2025

DROID-1776 Remove OWASP dependency check plugin

@albin-mullvad albin-mullvad force-pushed the remove-owasp-dependency-check-plugin-droid-1776 branch 2 times, most recently from 28b0510 to 3568e16 Compare February 3, 2025 15:11
@albin-mullvad albin-mullvad marked this pull request as ready for review February 3, 2025 15:12
@albin-mullvad albin-mullvad requested a review from Pururun February 3, 2025 15:12
@albin-mullvad albin-mullvad changed the title Remove OWASP dependency check plugin Remove redundant dependency audit tool Feb 3, 2025
@albin-mullvad albin-mullvad changed the title Remove redundant dependency audit tool Remove redundant owasp dependency audit tool Feb 3, 2025
Pururun
Pururun approved these changes Feb 3, 2025
View reviewed changes
Copy link
Contributor

@Pururun Pururun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewed 12 of 12 files at r1, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

raksooo
raksooo approved these changes Feb 4, 2025
View reviewed changes
Copy link
Member

@raksooo raksooo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 10 of 12 files at r1, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@albin-mullvad albin-mullvad force-pushed the remove-owasp-dependency-check-plugin-droid-1776 branch from 3568e16 to 90a7943 Compare February 4, 2025 07:28
@albin-mullvad
Remove OWASP dependency check plugin
dfa9742 
The OWASP DependencyCheck plugin has been replaced
with `osv-scanner` which covers our use-case.
@albin-mullvad
Update gradle lockfile
c2a7eb7
@albin-mullvad albin-mullvad force-pushed the remove-owasp-dependency-check-plugin-droid-1776 branch from 90a7943 to c2a7eb7 Compare February 4, 2025 07:30
@albin-mullvad albin-mullvad merged commit 468e1ea into main Feb 4, 2025
28 checks passed
@albin-mullvad albin-mullvad deleted the remove-owasp-dependency-check-plugin-droid-1776 branch February 4, 2025 07:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Pururun Pururun Pururun approved these changes

@raksooo raksooo raksooo approved these changes

@faern faern Awaiting requested review from faern faern is a code owner

@pinkisemils pinkisemils Awaiting requested review from pinkisemils pinkisemils is a code owner

Assignees

@albin-mullvad albin-mullvad

Labels
Android Issues related to Android
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@albin-mullvad @Pururun @raksooo