[SERVER-83420] Update third_party_components.yml on stable branches Created: 17/Nov/23  Updated: 05/Feb/24

Status: Open
Project: Core Server
Component/s: None
Affects Version/s: 7.1.0, 6.0.12, 7.0.4
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Assigned Teams:
Server Security
Sprint: Security 2023-12-11, Security 2023-12-25, Security 2024-01-08, Security 2024-01-22, Security 2024-02-05, Security 2024-02-19
Participants:
Linked BF Score: 0

 Description   

The new composition analysis scripts check whether new components have been detected on all stable branches, and emit BFs whenever components not listed in etc/third_party_components.yml have been detected. Currently, new components are known by BlackDuck, but not tracked in the older components file. These were likely false negatives at one point, as some of the libraries I checked are tracked in README.third_party.md.


Generated at Thu Feb 08 06:52:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.