--
tomaz
On Tue, Aug 27, 2013 at 4:41 AM, David Jorm <djorm(a)redhat.com> wrote:
Hi All
Since this PR was merged:
https://github.com/wildfly/wildfly/pull/4939
We now have the "victims-scan" profile in the main POM, which will scan
for known vulnerable dependencies at build time. The rationale behind
putting this scan into a separate profile was to ensure that it had no
deleterious impact on day-to-day development. To ensure that we do get some
regular scans performed, the missing step is to create a Jenkins job which
regularly runs builds using the victims-scan profile, and then emails
output to an appropriate list if the build fails due to the victims scan. I
think an appropriate trigger for the job would be a weekly timer. Would it
be possible to create such a job? Is there any way I can assist to make it
happen?
Thanks
--
David Jorm / Red Hat Security Response Team
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev
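
The weekly job requested above could look like the following declarative Jenkins pipeline, which is an added example and not part of the original message or WildFly's actual CI configuration. Assumptions: the file is loaded from the WildFly repository ("Pipeline script from SCM"), the agent has bash, Maven and a JDK on its PATH, the `mail` step is available, and the recipient address is a placeholder.

```groovy
// Added example (hypothetical Jenkinsfile), not WildFly's real job definition.
pipeline {
    agent any

    triggers {
        // Weekly timer: Sunday, with Jenkins choosing the hour and minute (H)
        // so the job does not collide with other scheduled builds.
        cron('H H * * 0')
    }

    options {
        timeout(time: 2, unit: 'HOURS')
        buildDiscarder(logRotator(numToKeepStr: '20'))
    }

    stages {
        stage('Build with victims-scan') {
            steps {
                // The profile name comes from the main POM as described in the message.
                // Tests are skipped so unrelated test failures do not trigger the mail.
                // pipefail makes the step fail when mvn fails, despite the tee.
                sh '''#!/bin/bash
                    set -eo pipefail
                    mvn -B -Pvictims-scan -DskipTests clean install 2>&1 | tee victims-scan.log
                '''
            }
        }
    }

    post {
        always {
            // Keep the full build output so the flagged dependency can be identified later.
            archiveArtifacts artifacts: 'victims-scan.log', allowEmptyArchive: true
        }
        failure {
            // Placeholder recipient: replace with the list that should triage findings.
            // This fires on any build failure, so the log must be checked to confirm
            // that the victims scan was the cause.
            mail to: 'security-list@example.org',
                 subject: "victims-scan build failed: ${env.JOB_NAME} #${env.BUILD_NUMBER}",
                 body: "The weekly build with -Pvictims-scan failed.\n" +
                       "Console output: ${env.BUILD_URL}console\n" +
                       "Archived log: ${env.BUILD_URL}artifact/victims-scan.log\n"
        }
    }
}
```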