[wildfly-dev] Jenkins job to run build using victims-scan profile
David Jorm
djorm at redhat.com
Mon Aug 26 22:41:53 EDT 2013
Hi All
Since this PR was merged:
https://github.com/wildfly/wildfly/pull/4939
We now have the "victims-scan" profile in the main POM, which will scan for known vulnerable dependencies at build time. The rationale behind putting this scan into a separate profile was to ensure that it had no deleterious impact on day-to-day development. To ensure that we do get some regular scans performed, the missing step is to create a jenkins job which regularly runs builds using the victims-scan profile, and then emails output to an appropriate list if the build fails due to the victims scan. I think an appropriate trigger for the job would be a weekly timer. Would it be possible to create such a job? Is there any way I can assist to make it happen?
Thanks
--
David Jorm / Red Hat Security Response Team
More information about the wildfly-dev
mailing list