Remove some security recipes that are dominating the total time

Author: jkschneider

src/main/resources/META-INF/rewrite/devcenter-starter.yml

@@ -84,13 +84,18 @@ tags:
   # dimensions of the security DevCenter card.
   - DevCenter:security
 recipeList:
-  - org.openrewrite.java.security.secrets.FindSecrets
+  # The most expensive recipe in the original DevCenter set
+  # - org.openrewrite.java.security.secrets.FindSecrets
+
   - org.openrewrite.java.security.OwaspA01
   - org.openrewrite.java.security.OwaspA02
   - org.openrewrite.java.security.OwaspA03
   # TODO TraitErrors thrown by VarAccessBase bug
   #  - org.openrewrite.java.security.OwaspA05
-  - org.openrewrite.java.security.OwaspA06
+
+  # Includes dependency vulnerability upgrade attempts which are expensive
+  #- org.openrewrite.java.security.OwaspA06
+
   - org.openrewrite.java.security.OwaspA08
   - org.openrewrite.java.security.RegularExpressionDenialOfService
   - org.openrewrite.java.security.ZipSlip

src/main/resources/META-INF/rewrite/original-security.yml

@@ -0,0 +1,40 @@
+#
+# Copyright 2025 the original author or authors.
+# <p>
+# Licensed under the Moderne Source Available License (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# <p>
+# https://docs.moderne.io/licensing/moderne-source-available-license
+# <p>
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+type: specs.openrewrite.org/v1beta/recipe
+name: io.moderne.devcenter.SecurityOriginalStarter
+displayName: Original DevCenter security card
+description: >-
+  This is the same set of recipes as the original DevCenter security card.
+tags:
+  # This tag is used by ReportAsSecurityIssues to identify sibling recipes that make up the
+  # dimensions of the security DevCenter card.
+  - DevCenter:security
+recipeList:
+  - org.openrewrite.java.security.secrets.FindSecrets
+  - org.openrewrite.java.security.OwaspA01
+  - org.openrewrite.java.security.OwaspA02
+  - org.openrewrite.java.security.OwaspA03
+  # TODO TraitErrors thrown by VarAccessBase bug
+  #  - org.openrewrite.java.security.OwaspA05
+  - org.openrewrite.java.security.OwaspA06
+  - org.openrewrite.java.security.OwaspA08
+  - org.openrewrite.java.security.RegularExpressionDenialOfService
+  - org.openrewrite.java.security.ZipSlip
+  - org.openrewrite.java.security.SecureTempFileCreation
+  # Changes made by recipes above this one in the recipe list are reported as occurrences
+  # in the Security DevCenter card.
+  - io.moderne.devcenter.ReportAsSecurityIssues

src/test/java/io/moderne/devcenter/ReportAsSecurityIssuesTest.java

@@ -32,8 +32,8 @@ public void defaults(RecipeSpec spec) {
           .scanRuntimeClasspath("org.openrewrite")
           .scanYamlResources()
           .build()
-          // In src/main/resources/devcenter-starter.yml
-          .activateRecipes("io.moderne.devcenter.SecurityStarter"));
+          // In src/main/resources/original-security.yml
+          .activateRecipes("io.moderne.devcenter.SecurityOriginalStarter"));
     }
 
     @Test