Hi All
Since this PR was merged:
https://github.com/wildfly/wildfly/pull/4939
We now have the "victims-scan" profile in the main POM, which will scan for
known vulnerable dependencies at build time. The rationale behind putting this scan into a
separate profile was to ensure that it had no deleterious impact on day-to-day
development. To ensure that we do get some regular scans performed, the missing step is to
create a jenkins job which regularly runs builds using the victims-scan profile, and then
emails output to an appropriate list if the build fails due to the victims scan. I think
an appropriate trigger for the job would be a weekly timer. Would it be possible to create
such a job? Is there any way I can assist to make it happen?
Thanks
--
David Jorm / Red Hat Security Response Team