# all-things-deployment
b
Hi everyone, I am trying to try out a demo version of datahub in a secure environment to try it out. In order to do so, I need to procure linkedin/datahub-* images into our internal container image repo. However, when I try to pull images, our automated security scanner (open source tool called trivy) is throwing a number of warnings about insecure libraries. Most of the warnings are for the trace-core4-4.1.0-incubating.jar file, which is part of all the images (gms / ingestion / mae / mce, etc.). Question: Is there a way for me to manually replace / upgrade these dependencies that are part of the application war?
m
Hi @brash-rainbow-94208: we don't see that issue in our scans. e.g. here
b
Thanks @mammoth-bear-12532 - Could you please let me know what settings are being used for the trivy scan?
m
https://github.com/datahub-project/datahub/blob/master/.github/workflows/docker-unified.yml#L100
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'