Hi SW360 community,
I just stumbled upon some CVEs, which affect libraries we are using in the sw360bdpImportService [1]. At a first glance
none of the described vulnerabilities could directly be exploited in our code. However, I would like to take this as an opportunity to start a discussion about the future of this service. When we initially implemented this service Protex was widely used in
the industry for snippet scanning, code auditing and BOM creation. As the product is phased out I assume its use is diminished as well.
Hence, I would like to know from the community whether this service is still in use. So It would be great if anyone who
is still using this service could respond here so we can check how to further proceed. If there is no interest anymore in the community I would propose to deprecate the sw360bdpImportService and archive its repository. Would be great if you can react until
end of next week so we can act before the seasonal break.
WDYT?
Kind regards,
Johannes
[1] https://github.com/sw360/sw360bdpImportService