docs: document external data sources and hostnames #8219
jeremylong merged 5 commits into dependency-check:main from
Adds a table of external hosts contacted by Dependency-Check for enterprise network allow-listing.
…list Updated hostnames and added methodology section for clarity.
Thanks for the feedback! I’ve updated the table to remove entries that could not be verified from the codebase (PyPI, NuGet, Go, Ruby) and refined the methodology section to clarify how the hostnames were identified and which are indirect via analyzers. Please let me know if this looks better now.
Also add Elixir Mix Audit. Signed-off-by: Chad Wilson <[email protected]>
…n page Signed-off-by: Chad Wilson <[email protected]>
Generally looks fine to me, although I made some suggestions and additions that tidy the documentation further via a separate PR at SachinAditya#1 for @SachinAditya's consideration (to clarify for Sachin, I am a contributor and triager on the project, but I do not have permissions to edit others' PRs or merge directly, which is why I suggest edits this way). 👍
Augment table with analyzer/ecosystem/configurability info - clarify rest of docs
Thanks! I've merged the suggested improvements from PR #1 into this branch. Appreciate the review.
Hi Chad,
Sorry for the slight delay in replying — I wasn’t feeling well yesterday.
Thank you for the review and for the suggested improvements — I really
appreciate it.
I’ve now merged the changes from your PR (SachinAditya#1) into my branch
and updated the main PR accordingly. I also refined the methodology section
and removed entries that could not be reliably verified from the codebase.
Please let me know if anything else should be adjusted. Happy to iterate
further if needed.
Thanks again for your time and guidance.
Best regards,
Aditya Devraj
(GitHub: SachinAditya)
…On Mon, Jan 12, 2026 at 11:14 AM Chad Wilson ***@***.***> wrote:
***@***.**** requested changes on this pull request.
Generally looks fine to me, although I made some suggestions and additions
that tidy the documentation further via a separate PR at SachinAditya#1
<SachinAditya#1> for @SachinAditya
<https://github.com/SachinAditya> consideration
Thanks for the review and approval! It looks like the remaining failure is in the “Build and Test Docker (linux/arm64)” job, which is failing with an “Illegal instruction” during bundle audit update. Please let me know if you’d like me to do anything further from my side, or if it can be retried / approved. Thanks again!
This PR documents the external data sources and hostnames that Dependency-Check may contact depending on enabled analyzers and configuration.
It adds a table to the "Internet Access Required" documentation to help organizations with restricted networks create accurate allow-lists.
Fixes #6600