Re: [wildfly-dev] Implementing enforce-victims-rule in wildfly builds
Thanks for reporting this issue. We suspect it is actually a bug in the victims library,
as false negatives or artifacts that do not exist in the DB should simply pass inspection
with no warning or failure. We've fixed the suspected bug and we're currently
working on an updated release, I will respond to the list once that is complete so you can
test.
Thanks
David
Yes, the build failed. This plugin can be configured to WARNING
level
in the pom, but we then we won't catch the real problems. In the test
run, I just copied the pom snippet from
https://github.com/victims/victims-enforcer
In my case, the failed test project is
https://github.com/jberet/jsr352/blob/master/test-apps/postConstruct/pom.xml,
which has just 1 direct dependency: an internal peer sub-module, which I
guess is not known to the scanner database. Probably that's why it
failed? But other similarlly-structured sub-modules passed (e.g.,
https://github.com/jberet/jsr352/blob/master/test-apps/propertyInjection/...)
Cheng
On 5/29/13 9:55 AM, Brian Stansberry wrote:
> On 5/28/13 9:56 PM, Cheng Fang wrote:
>> The possible false negatives (as David mentioned in his original email)
>> can also complicate otherwise successful builds. The following error
>> message might have been caused by gaps in the database, though it's not
>> clear which dependency it is complaining about.
>>
>> [WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message:
>> Could not determine vulnerabilities for hash:
>>
8edd1a0bf70467791ec883b7452c21333e829ab714c83090f8328d8205f159f2669772dd66db01af60debd40402e994be7b08527e8f90211425567b52e6b9472
>>
> Does that fail the build, or is the problem limited to noise in the
> build log?
>
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev