cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-10271) detect vulnerabilities in depndencies
Date Tue, 20 Feb 2018 14:40:00 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-10271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16370110#comment-16370110
] 

ASF GitHub Bot commented on CLOUDSTACK-10271:
---------------------------------------------

rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency
check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-366997501
 
 
   Never mind, I found the problem. It is caused due to maven version [1]. Now I see the need
for PR #2343.
   @khos2ow I think we need to revisit and move that PR forward. 
   
   Travis is already using Maven 3.5, so the problem is not due to maven version there. I
believe the problem is due to "dependency-check-maven" first run, when it downloads and processes
CVEs to populate its local database.
   
   @DaanHoogland we need to add `travis_wait <someValueBiggerThan10>` in front of `install:
./tools/travis/install.sh` directive. Something like `install: travis_wait 30 ./tools/travis/install.sh`
   
   [1] http://maven.40175.n5.nabble.com/Re-Build-failed-in-Jenkins-maven-plugins-ITs-m3-972-td5755380.html

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> detect vulnerabilities in depndencies
> -------------------------------------
>
>                 Key: CLOUDSTACK-10271
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10271
>             Project: CloudStack
>          Issue Type: Wish
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Daan Hoogland
>            Assignee: Daan Hoogland
>            Priority: Major
>
> As a developer I want to know whether and what dependencies I am using that might harm
my users. For this we need to add the owasp dependency checker to the maven build. It will
require more then just this but it is a good first step.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message