repman-io / repman

Repman - PHP Repository Manager: packagist proxy and host for private packages
https://repman.io
MIT License
517 stars 106 forks

Receiving security emails for packages with security scan disabled #645

Closed thomasnordahl-dk closed 1 year ago

thomasnordahl-dk commented 1 year ago

Yesterday I disabled security scans for 60+ private packages, but I'm still receiving notifications for all of these packages.

I've double-checked the package settings and the setting is "enable security scan: no".

(If you are wondering why we are disabling security scans, it is because the code base in question is split into many smaller modules / packages, so to avoid getting an email for each package notifying us of the same problem, we only have the top-level packages enabled, so we only get one email per package that is deployed to production. Modules with issues should be caught by checking the composer.lock of the top-level project, and if they aren't, it is because they are not being used in production.)

thomasnordahl-dk commented 1 year ago

I received mails two or three times after disabling the checks and it has since stopped. I assume the issue is no longer relevant - either the server took some time to update some indices, the error was temporary or it was fixed somehow.