Security issue:
When running (at least the command line scanner) for JAR files, it accesses most resources in HTTPS but for some reason it accesses search.maven.org/remotecontent?filepath= in clear.
This is because the MavenArtifact does this:
private static final String CENTRAL_CONTENT_URL = "//search.maven.org/remotecontent?filepath=";
As opposed to the solrsearch that is configured in the properties file:
analyzer.central.url=https://search.maven.org/solrsearch/select
Security issue:
When running (at least the command line scanner) for JAR files, it accesses most resources in HTTPS but for some reason it accesses search.maven.org/remotecontent?filepath= in clear.
This is because the MavenArtifact does this:
private static final String CENTRAL_CONTENT_URL = "//search.maven.org/remotecontent?filepath=";
As opposed to the solrsearch that is configured in the properties file:
analyzer.central.url=https://search.maven.org/solrsearch/select