kevinjqliu opened a new pull request, #16291: URL: https://github.com/apache/iceberg/pull/16291
Extends the Kafka Connect CVE scan from #15430 into a unified `cve-scan.yml` workflow that covers all bundled distributions: - **Kafka Connect runtime** (distZip + unpack) - **Cloud bundles**: aws-bundle, azure-bundle, gcp-bundle - **Spark runtimes**: 3.4, 3.5, 4.0, 4.1 - **Flink runtimes**: 1.20, 2.0, 2.1 - **REST fixture**: open-api Each distribution is a separate matrix entry so failures are isolated. The scan runs on push to main/release branches and RC tags, uploads SARIF to the GitHub Security tab, and is informational only (exit-code 0). Also renames `kafka-connect-cve-scan.yml` → `cve-scan.yml` and updates all CI path-ignore references accordingly. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
