Different repository types have various metadata-like files that Firewall should ignore (that is, not treat as components and not run policy evaluation on). For example:
- p2 metadata files
- PyPI /simple/*
- npm package metadata
- Maven metadata (which we already ignore)
If you have a "component unknown" policy, it will constantly be triggered for these files.
- Feature for RM 3. See CLM-8494 for RM 2.
- RM filters based on a list managed through the HDS; list is retrieved via IQ Server.
- The list should not change often, so it can be retrieved once per day. Users will have to wait until the update interval. A force update feature will be added based on demand.
- This story ignores the need to update the existing repository results. A future story will figure out how that will work and its ramifications.
Firewall for RM 3 ignoring irrelevant files - points: 5, 5, 8
Firewall in Nexus should not scan p2 metadata files: