[wildfly-dev] Implementing enforce-victims-rule in wildfly builds
Cheng Fang
cfang at redhat.com
Wed May 29 10:15:27 EDT 2013
Yes, the build failed. This plugin can be configured to WARNING level
in the pom, but then we won't catch the real problems. In the test
run, I just copied the pom snippet from
https://github.com/victims/victims-enforcer
In my case, the failed test project is
https://github.com/jberet/jsr352/blob/master/test-apps/postConstruct/pom.xml,
which has just 1 direct dependency: an internal peer sub-module, which I
guess is not known to the scanner database. Probably that's why it
failed? But other similarly-structured sub-modules passed (e.g.,
https://github.com/jberet/jsr352/blob/master/test-apps/propertyInjection/pom.xml)
Cheng
On 5/29/13 9:55 AM, Brian Stansberry wrote:
> On 5/28/13 9:56 PM, Cheng Fang wrote:
>> The possible false negatives (as David mentioned in his original email)
>> can also complicate otherwise successful builds. The following error
>> message might have been caused by gaps in the database, though it's not
>> clear which dependency it is complaining about.
>>
>> [WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message:
>> Could not determine vulnerabilities for hash:
>> 8edd1a0bf70467791ec883b7452c21333e829ab714c83090f8328d8205f159f2669772dd66db01af60debd40402e994be7b08527e8f90211425567b52e6b9472
>>
> Does that fail the build, or is the problem limited to noise in the
> build log?
>