eu-digital-identity-wallet / eudi-infra-ci


Dependency Check workflow is unstable #5

Open babisRoutis opened 6 months ago

babisRoutis commented 6 months ago

NVD API seems unstable. Sometimes it succeeds, other times not.

An indicative run is the following: https://github.com/eu-digital-identity-wallet/eudi-lib-jvm-siop-openid4vp-kt/actions/runs/8436599889/job/23104396720

Since we use this API via workflow SCA_caller / SCA - Dependency Check Analysis and given that this workflow is triggered with each PR, a lot of noise (in the form of error email) is being generated.

Please consider

christosservosNCIN commented 6 months ago

Hello!

The issue here can be split into 2 parts.

The first is that NVD has indeed been a bit unstable lately, but we cannot do too much about it.

The second is that the workflow "SCA_caller / SCA - Dependency Check Analysis" is not being actually triggered by a PR itself, but rather by a push event on a secondary branch (e.g. dependabot), which is later acting as the source of a PR to the "main" branch and causing this confusion. In order to avoid this, the workflow initially included the following exception:

branches-ignore:
  - 'dependabot/*'

However, the above snippet seems to not always work in our case because this branch exception will only catch patterns like: "dependabot/something". The branches that are being opened in our repositories follow the pattern: "dependabot/something/something", and thus, in order to achieve our goal, the exception should be corrected by adding one asterisk (*) as:

branches-ignore:
  - 'dependabot/**'

This will greatly reduce the amount of needless "SCA" workflow runs. If after the correction we see that there is still a big amount of noise, we can consider turning this to a scheduled mode.
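The single-asterisk versus double-asterisk behaviour described in the comment above can be checked offline. The following is an added example, not code from the eudi-infra-ci repository: it implements the two GitHub Actions filter rules the comment relies on (`*` matches any characters except `/`, `**` matches any characters including `/`; other pattern characters are treated literally, which is an assumption that keeps the matcher small) and evaluates both `branches-ignore` variants against constructed Dependabot-style branch names.

```python
import re


def branch_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a GitHub Actions branch-filter glob into an anchored regex.

    Only the two glob tokens relevant here are supported; every other
    character is matched literally (assumption for this example).
      **  -> zero or more of any character, including '/'
      *   -> zero or more characters, but never '/'
    """
    parts = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def matches(pattern: str, branch: str) -> bool:
    return branch_pattern_to_regex(pattern).fullmatch(branch) is not None


def workflow_runs(branches_ignore: list[str], branch: str) -> bool:
    """True if a push to `branch` would still trigger the workflow."""
    return not any(matches(p, branch) for p in branches_ignore)


# Constructed branch names in the shape Dependabot uses: dependabot/<ecosystem>/<dep>-<version>
SAMPLE_BRANCHES = [
    "main",
    "dependabot/something",
    "dependabot/gradle/org.example-lib-1.2.3",
]

if __name__ == "__main__":
    for ignore in (["dependabot/*"], ["dependabot/**"]):
        for b in SAMPLE_BRANCHES:
            print(f"branches-ignore={ignore!r:22} push to {b!r:45} runs SCA: {workflow_runs(ignore, b)}")
```

With `dependabot/*` the nested Dependabot branch still triggers the SCA workflow; with `dependabot/**` it is ignored while `main` still runs.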

babisRoutis commented 6 months ago

Can you please apply the updated pattern?