Hi Steve, We can run CLM on any job by typing ‘run-clm’, see https://wiki.onap.org/display/DW/Configuring+Gerrit#ConfiguringGerrit-Run-clm
I’ve started a CLM run on your CXF patch to see how it affects the results. Thanks, Marcus Williams IRC, Twitter, etc. @ mgkwill Intel Corp. From: [email protected] [mailto:[email protected]] On Behalf Of Steve Smokowski Sent: Tuesday, August 7, 2018 12:53 PM To: [email protected]; Williams, Marcus <[email protected]>; [email protected] Subject: Re: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities A lot seem to just be base spring-boot imports, some are not used. I can look at how we would possibly exclude them. I upgraded today the cxf, dependency, so we should re-run the scan to see if that one goes away at least. Thanks -Steve From: <[email protected]<mailto:[email protected]>> on behalf of Marcus G K Williams <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Tuesday, August 7, 2018 at 3:48 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities Hi Seshu, If the issues had been addressed in Beijing, we forgot to cherry pick them to master. But I doubt that because CLM seemed to be broken until recently. The scan is running on jenkings in the CLM job and it is scanning master. Here are the last two jobs run on master (they match vulnerability numbers I stated below): https://jenkins.onap.org/view/so/job/so-maven-clm-master/31/<https://urldefense.proofpoint.com/v2/url?u=https-3A__jenkins.onap.org_view_so_job_so-2Dmaven-2Dclm-2Dmaster_31_&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=VZISSA4mDEjMVHPnokzzXs1i0jvSvMZc3v8X9-88XUs&s=SZWmwnBpekGukcnRWoqCGUVLMVrazK9IMbbDHxyz6_M&e=> https://jenkins.onap.org/view/so/job/so-libs-maven-clm-master/47/<https://urldefense.proofpoint.com/v2/url?u=https-3A__jenkins.onap.org_view_so_job_so-2Dlibs-2Dmaven-2Dclm-2Dmaster_47_&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=VZISSA4mDEjMVHPnokzzXs1i0jvSvMZc3v8X9-88XUs&s=rI6pwE1JPjvARw0kvAtUxCpxUAD3k2x3asNp1H5oowY&e=> Either way, we should discuss as a community how to tackle these and future security/license issues. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#11728): https://lists.onap.org/g/onap-discuss/message/11728 Mute This Topic: https://lists.onap.org/mt/24216241/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
