Hi All
Since this PR was merged:
https://github.com/wildfly/wildfly/pull/4939
We now have the "victims-scan" profile in the main POM, which will scan for known vulnerable dependencies at build time. The rationale behind putting this scan into a separate profile was to ensure that it had no deleterious impact on day-to-day development. To ensure that we do get some regular scans performed, the missing step is to create a jenkins job which regularly runs builds using the victims-scan profile, and then emails output to an appropriate list if the build fails due to the victims scan. I think an appropriate trigger for the job would be a weekly timer. Would it be possible to create such a job? Is there any way I can assist to make it happen?
Thanks
--
David Jorm / Red Hat Security Response Team
_______________________________________________
wildfly-dev mailing list
wildfly-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev