<div dir="ltr"><div>Here you go:<br><br><a href="http://brontes.lab.eng.brq.redhat.com/viewType.html?buildTypeId=WF_MasterVictimsScan">http://brontes.lab.eng.brq.redhat.com/viewType.html?buildTypeId=WF_MasterVictimsScan</a><br>
<br>--<br></div>tomaz<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Aug 27, 2013 at 4:41 AM, David Jorm <span dir="ltr"><<a href="mailto:djorm@redhat.com" target="_blank">djorm@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi All<br>
<br>
Since this PR was merged:<br>
<br>
<a href="https://github.com/wildfly/wildfly/pull/4939" target="_blank">https://github.com/wildfly/wildfly/pull/4939</a><br>
<br>
We now have the "victims-scan" profile in the main POM, which will scan for known vulnerable dependencies at build time. The rationale behind putting this scan into a separate profile was to ensure that it had no deleterious impact on day-to-day development. To ensure that we do get some regular scans performed, the missing step is to create a jenkins job which regularly runs builds using the victims-scan profile, and then emails output to an appropriate list if the build fails due to the victims scan. I think an appropriate trigger for the job would be a weekly timer. Would it be possible to create such a job? Is there any way I can assist to make it happen?<br>
<br>
Thanks<br>
<span class="HOEnZb"><font color="#888888">--<br>
David Jorm / Red Hat Security Response Team<br>
<br>
_______________________________________________<br>
wildfly-dev mailing list<br>
<a href="mailto:wildfly-dev@lists.jboss.org">wildfly-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/wildfly-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/wildfly-dev</a><br>
</font></span></blockquote></div><br></div>