qzhuyan
commented
8 months ago We dont use submodule due to emqx faviours otherwise PR is welcomed if you know what exactly should be done.
Open elvyso opened 8 months ago
qzhuyan
commented
8 months ago We dont use submodule due to emqx faviours otherwise PR is welcomed if you know what exactly should be done.
I want to raise a potential hurdle in effectively detecting security vulnerabilities within the OpenSSL library, which is currently integrated as a dependency deep within the project's dependency tree. While OpenSSL plays a crucial role, its non-submodule structure might pose limitations for certain security scan tools.
Limited visibility into the OpenSSL dependency might hinder comprehensive security assessments, increasing the risk of undetected vulnerabilities and potential exploits.
We would appreciate collaborating with the project maintainers to explore solutions that enhance the visibility of the OpenSSL dependency for security scan tools.