zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Enrico Olivelli <eolive...@gmail.com>
Subject OWASP task failing again ! but is CI lying ?
Date Sat, 26 Jan 2019 10:44:21 GMT
Hi Zookeepers,
while working on the migration of OWASP task to the Maven build I
found that currently the CI Job
(https://builds.apache.org/job/ZooKeeper-trunk-owasp/) is not working
properly.

On my laptop both the ant task and the maven one are reporting several
issues, due to dependencies updated/introduced recently, like Netty
4.1.29 (which is not the latest and greatest released version)

I have attached my logs in JIRA
https://issues.apache.org/jira/browse/ZOOKEEPER-3256

This is the patch to add OWASP to Maven build
https://github.com/apache/zookeeper/pull/788

My proposal:
1) commit PR #788 to all the active branches
2) create an issue to address the new issues and upgrade all the deps
and/or add suppressions
3) add OWASP job to the new Maven CI pre-commit/post-commit

As soon as we commit the plugin configuration I will setup the CI Job for OWASP.

Please anyone try out my patch and/or the ant task and confirm my findings.
I am trying to understand why CI jobs is not reporting the same
results as on my laptop. Actually my best guess is that it is not
re-downloading CVE patterns from NIST and so it is working with stale
information.

Regards
Enrico

Mime
View raw message