diff --git a/.github/workflows/cron-job-its.yml b/.github/workflows/cron-job-its.yml
index cc4e9d198f7..3752b6c60ea 100644
--- a/.github/workflows/cron-job-its.yml
+++ b/.github/workflows/cron-job-its.yml
@@ -27,7 +27,7 @@ on:
 jobs:
 build:
- if: github.event_name == 'schedule'
+ if: (github.event_name == 'schedule' && github.repository == 'apache/druid')
 name: build (jdk8)
 runs-on: ubuntu-latest
 steps:
@@ -107,10 +107,12 @@ jobs:
 group: other
 security_vulnerabilities:
+ if: github.repository == 'apache/druid'
 name: security vulnerabilities
 strategy:
+ fail-fast: false
 matrix:
- HADOOP_PROFILE: [ '', '-Phadoop3' ]
+ HADOOP_PROFILE: [ '', '-Phadoop2' ]
 runs-on: ubuntu-latest
 steps:
 - name: Checkout branch
@@ -123,9 +125,11 @@ jobs:
 distribution: 'zulu'
 cache: maven
+ - name: maven build # needed to rebuild incase of maven snapshot resolution fails
+ run: mvn clean install dependency:go-offline -P dist -P skip-static-checks,skip-tests -Dmaven.javadoc.skip=true -Dcyclonedx.skip=true -Dweb.console.skip=true
+
 - name: security vulnerabilities check
 env:
- MVN: mvn --no-snapshot-updates
 HADOOP_PROFILE: ${{ matrix.HADOOP_PROFILE }}
 run: |
 mvn dependency-check:purge dependency-check:check ${HADOOP_PROFILE} || { echo "
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index 207cafb3bf7..465d4cb0b1c 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -122,6 +122,8 @@ https://github.com/FasterXML/jackson-databind/issues/3328 --> CVE-2021-46877 + + CVE-2023-35116
@@ -192,10 +194,14 @@ ~ ... 27 more --> ^pkg:maven/org\.hibernate/hibernate\-validator@.*$ CVE-2017-7536 + CVE-2019-10219 + CVE-2019-14900 + CVE-2020-10693 CVE-2020-25638
@@ -216,8 +222,13 @@ CVE-2019-20444 CVE-2019-20445 CVE-2020-11612 + CVE-2021-21290 + CVE-2021-21295 + CVE-2021-21409 CVE-2021-37136 CVE-2021-37137 + CVE-2021-43797 + CVE-2022-24823 CVE-2022-41881
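Review bot: The parentheses around the new `if` expression on the `build` job are unnecessary and differ from the unparenthesized form this same commit uses on `security_vulnerabilities`; `if: github.event_name == 'schedule' && github.repository == 'apache/druid'` is evaluated identically by the expression engine and matches the rest of the file. The `on:` block that defines which events reach this condition is outside the hunk.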
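Review bot: The new job-level `if: github.repository == 'apache/druid'` on `security_vulnerabilities` checks only the repository, whereas the `build` job in this commit also requires `github.event_name == 'schedule'`; if the workflow's `on:` block (outside the hunk) declares triggers besides `schedule`, the scan will now run on those events in the upstream repository, which may or may not be intended. The matrix swap from `-Phadoop3` to `-Phadoop2` means the hadoop3 dependency set is only scanned if that is what the empty-profile leg resolves to, which is worth confirming against the pom. `fail-fast: false` is a sound addition here, since it lets both profile legs report findings instead of the first failure cancelling the other. Stylistically the flow sequence would follow the yamllint default as `HADOOP_PROFILE: ['', '-Phadoop2']`.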
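Review bot: The new `maven build` step does not receive the matrix profile that the `security vulnerabilities check` step below resolves with (`${HADOOP_PROFILE}`), so on the `-Phadoop2` leg the profile-specific dependencies are still resolved for the first time inside `dependency-check:check` — which appears to be exactly the snapshot-resolution failure the step's comment says it exists to prevent; if that is the intent, give the step the same `env` and append `${HADOOP_PROFILE}` to its command. The `run:` value is a ~170-character plain scalar; folding it with `>-` keeps it a single command at runtime while making the flags reviewable, and the comment should read `# needed to rebuild in case maven snapshot resolution fails`. Dropping `MVN: mvn --no-snapshot-updates` is safe as far as this hunk shows, because the surviving `run:` invokes `mvn` directly rather than `${MVN}`. The shell script under `run: |` continues past the end of the hunk.
```yaml
      - name: maven build  # needed to rebuild in case maven snapshot resolution fails
        env:
          HADOOP_PROFILE: ${{ matrix.HADOOP_PROFILE }}
        run: >-
          mvn clean install dependency:go-offline ${HADOOP_PROFILE}
          -P dist -P skip-static-checks,skip-tests
          -Dmaven.javadoc.skip=true -Dcyclonedx.skip=true -Dweb.console.skip=true

      # … unchanged: security vulnerabilities check step …
```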
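Review bot: The CVE id added in this hunk (`CVE-2023-35116`) and those added in the hunks at `@@ -192` (`CVE-2019-10219`, `CVE-2019-14900`, `CVE-2020-10693`) and `@@ -216` (`CVE-2021-21290`, `CVE-2021-21295`, `CVE-2021-21409`, `CVE-2021-43797`, `CVE-2022-24823`) carry no visible justification for why each is a false positive or an accepted risk for the matched artifact; element names appear to have been stripped from this rendering, so an existing `<notes>` block may simply be invisible here. A dependency-check suppression should state in `<notes>` why the finding does not apply (wrong artifact matched, already-fixed version, unreachable code path) and, for an accepted risk, carry an `until="YYYY-MM-DD"` attribute on `<suppress>` so the entry is revisited rather than becoming permanent. Appending ids to the existing `hibernate-validator` block and to the block holding `CVE-2019-20444` inherits whatever rationale those blocks already give, which was written for the earlier ids and may not cover the new ones.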
@@ -799,6 +810,14 @@ CVE-2022-26612 CVE-2023-25613 + CVE-2023-2976 + + + + + prototype pollution CVE-2021-40331 + + + + + ^pkg:maven/.*/.*@.*$ + CVE-2021-4277 + + + + + ^pkg:maven/com\.google\.guava/guava@16.0.1$ + + CVE-2018-10237 + CVE-2020-8908 + CVE-2023-2976 +
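Review bot: The suppression for `CVE-2021-4277` uses `^pkg:maven/.*/.*@.*$` as its packageUrl, which silences that CVE for every Maven artifact in the build, present and future, rather than the single artifact that produced the false match; narrow the regex to that artifact's groupId and artifactId and record the reason in `<notes>`. The new `guava@16.0.1` block suppresses three findings (`CVE-2018-10237`, `CVE-2020-8908`, `CVE-2023-2976`) on a pinned old version — that is a risk acceptance rather than a false positive, so it should name the dependency path that forces 16.0.1 and carry an `until` date on the `<suppress>` element. Element names are stripped in this rendering and the hunk may run past the end of this chunk, so any notes text that already exists would not be visible here.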