zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Enrico Olivelli <eolive...@gmail.com>
Subject Re: OWASP task failing again ! but is CI lying ?
Date Sat, 26 Jan 2019 11:54:35 GMT
I have forced the download of pattern and now the results are
consistent with the ones on my laptop

see the results:

In patch:

I have added the fix to force the download of patterns at every run.

IMHO it is better to merge the patch soon


Il giorno sab 26 gen 2019 alle ore 11:44 Enrico Olivelli
<eolivelli@gmail.com> ha scritto:
> Hi Zookeepers,
> while working on the migration of OWASP task to the Maven build I
> found that currently the CI Job
> (https://builds.apache.org/job/ZooKeeper-trunk-owasp/) is not working
> properly.
> On my laptop both the ant task and the maven one are reporting several
> issues, due to dependencies updated/introduced recently, like Netty
> 4.1.29 (which is not the latest and greatest released version)
> I have attached my logs in JIRA
> https://issues.apache.org/jira/browse/ZOOKEEPER-3256
> This is the patch to add OWASP to Maven build
> https://github.com/apache/zookeeper/pull/788
> My proposal:
> 1) commit PR #788 to all the active branches
> 2) create an issue to address the new issues and upgrade all the deps
> and/or add suppressions
> 3) add OWASP job to the new Maven CI pre-commit/post-commit
> As soon as we commit the plugin configuration I will setup the CI Job for OWASP.
> Please anyone try out my patch and/or the ant task and confirm my findings.
> I am trying to understand why CI jobs is not reporting the same
> results as on my laptop. Actually my best guess is that it is not
> re-downloading CVE patterns from NIST and so it is working with stale
> information.
> Regards
> Enrico

View raw message