[SERVER-83420] Update third_party_components.yml on stable branches Created: 17/Nov/23 Updated: 05/Feb/24 |
|
| Status: | Open |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 7.1.0, 6.0.12, 7.0.4 |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Jackson |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Assigned Teams: | Server Security |
||||
| Sprint: | Security 2023-12-11, Security 2023-12-25, Security 2024-01-08, Security 2024-01-22, Security 2024-02-05, Security 2024-02-19 | ||||
| Participants: | |||||
| Linked BF Score: | 0 | ||||
| Description |
|
The new composition analysis scripts check whether new components have been detected on all stable branches, and emit BFs whenever components not listed in etc/third_party_components.yml have been detected. Currently, new components are known by BlackDuck, but not tracked in the older components file. These were likely false negatives at one point, as some of the libraries I checked are tracked in README.third_party.md. |