Skip to content

Replace NVD with Sonatype OSS Index#16445

Merged
trask merged 1 commit intoopen-telemetry:mainfrom
trask:oss-index
Mar 12, 2026
Merged

Replace NVD with Sonatype OSS Index#16445
trask merged 1 commit intoopen-telemetry:mainfrom
trask:oss-index

Conversation

@trask
Copy link
Member

@trask trask commented Mar 11, 2026
edited
Loading

Looks like a new CVE backing that better understands maven coordinates and so the suppressions we maintained previously should no longer be needed.

I've added the two new secrets, will remove the old NVD secret after merging.

@trask trask marked this pull request as ready for review March 12, 2026 04:10
@trask trask requested a review from a team as a code owner March 12, 2026 04:10
@trask trask merged commit 00cf3d7 into open-telemetry:main Mar 12, 2026
172 of 179 checks passed
@trask trask deleted the oss-index branch March 12, 2026 17:22
trask added a commit to trask/opentelemetry-java that referenced this pull request Mar 13, 2026
@trask
Replace NVD with Sonatype OSS Index
e77c1d5 
Looks like a new CVE backing that better understands maven coordinates and so the suppressions we maintained previously should no longer be needed.

Ported from open-telemetry/opentelemetry-java-instrumentation#16445
trask added a commit to trask/opentelemetry-java-contrib that referenced this pull request Mar 13, 2026
@trask
Replace NVD with Sonatype OSS Index
7fa6a8f 
Looks like a new CVE backing that better understands maven coordinates and so the suppressions we maintained previously should no longer be needed.

Ported from open-telemetry/opentelemetry-java-instrumentation#16445
This was referenced Mar 13, 2026
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@laurit laurit laurit approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@trask @laurit