9:41 p.m.
Hi All
Since this PR was merged:
https://github.com/wildfly/wildfly/pull/4939
We now have the "victims-scan" profile in the main POM, which will scan for
known vulnerable dependencies at build time. The rationale behind putting this scan into a
separate profile was to ensure that it had no deleterious impact on day-to-day
development. To ensure that we do get some regular scans performed, the missing step is to
create a jenkins job which regularly runs builds using the victims-scan profile, and then
emails output to an appropriate list if the build fails due to the victims scan. I think
an appropriate trigger for the job would be a weekly timer. Would it be possible to create
such a job? Is there any way I can assist to make it happen?
Thanks
--
David Jorm / Red Hat Security Response Team
4:48 a.m.
Here you go:
http://brontes.lab.eng.brq.redhat.com/viewType.html?buildTypeId=WF_Master...
--
tomaz
On Tue, Aug 27, 2013 at 4:41 AM, David Jorm <djorm(a)redhat.com> wrote:
Hi All
Since this PR was merged:
https://github.com/wildfly/wildfly/pull/4939
We now have the "victims-scan" profile in the main POM, which will scan
for known vulnerable dependencies at build time. The rationale behind
putting this scan into a separate profile was to ensure that it had no
deleterious impact on day-to-day development. To ensure that we do get some
regular scans performed, the missing step is to create a jenkins job which
regularly runs builds using the victims-scan profile, and then emails
output to an appropriate list if the build fails due to the victims scan. I
think an appropriate trigger for the job would be a weekly timer. Would it
be possible to create such a job? Is there any way I can assist to make it
happen?
Thanks
--
David Jorm / Red Hat Security Response Team
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev
4087
days inactive
4087
days old
1 comments
2 participants
participants (2)
-
David Jorm -
Tomaž Cerar