[wildfly-dev] Implementing enforce-victims-rule in wildfly builds
David Jorm
djorm at redhat.com
Tue Jun 4 01:48:38 EDT 2013
This bug is now fixed in enforce-victims-rule 1.3, which was released to Maven Central today. This release also includes a range of performance improvements, including caching, which significantly improves performance after the first build of a given project. We have tested it with WildFly 8 on a system where build time without the plugin was 10 minutes. With the plugin, the first build took 19 minutes, and all subsequent builds took 11 minutes.
Can you please rm -rf ~/.victims/ then update your POM to reference enforce-victims-rule 1.3 and try again?
Thanks
David
> Thanks for reporting this issue. We suspect it is actually a bug in the
> victims library, as false negatives or artifacts that do not exist in the DB
> should simply pass inspection with no warning or failure. We've fixed the
> suspected bug and we're currently working on an updated release, I will
> respond to the list once that is complete so you can test.
>
> Thanks
> David
>
> > Yes, the build failed. This plugin can be configured to WARNING level
> > in the pom, but then we won't catch the real problems. In the test
> > run, I just copied the pom snippet from
> > https://github.com/victims/victims-enforcer
> >
> > In my case, the failed test project is
> > https://github.com/jberet/jsr352/blob/master/test-apps/postConstruct/pom.xml,
> > which has just 1 direct dependency: an internal peer sub-module, which I
> > guess is not known to the scanner database. Probably that's why it
> > failed? But other similarly-structured sub-modules passed (e.g.,
> > https://github.com/jberet/jsr352/blob/master/test-apps/propertyInjection/pom.xml)
> >
> > Cheng
> >
> > On 5/29/13 9:55 AM, Brian Stansberry wrote:
> > > On 5/28/13 9:56 PM, Cheng Fang wrote:
> > >> The possible false negatives (as David mentioned in his original email)
> > >> can also complicate otherwise successful builds. The following error
> > >> message might have been caused by gaps in the database, though it's not
> > >> clear which dependency it is complaining about.
> > >>
> > >> [WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message:
> > >> Could not determine vulnerabilities for hash:
> > >> 8edd1a0bf70467791ec883b7452c21333e829ab714c83090f8328d8205f159f2669772dd66db01af60debd40402e994be7b08527e8f90211425567b52e6b9472
> > >>
> > > Does that fail the build, or is the problem limited to noise in the
> > > build log?
> > >
> >