Is theressome documentation around all these tricks to get the pipelines to do things like clm/sonar/etc?
Thanks -Steve From: "Williams, Marcus" <marcus.willi...@intel.com> Date: Tuesday, August 7, 2018 at 3:57 PM To: "onap-discuss@lists.onap.org" <onap-discuss@lists.onap.org>, "SMOKOWSKI, STEVEN" <ss8...@att.com>, "seshu.kuma...@huawei.com" <seshu.kuma...@huawei.com> Subject: RE: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities Hi Steve, We can run CLM on any job by typing ‘run-clm’, see https://wiki.onap.org/display/DW/Configuring+Gerrit#ConfiguringGerrit-Run-clm<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_display_DW_Configuring-2BGerrit-23ConfiguringGerrit-2DRun-2Dclm&d=DwMGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=w-lVXp0zkzQUegEtEwvrPsyyNw5ov14_HpEQ515rEjU&s=7UiS-9RJ4IkgXCMO7AhtYz7d7e_lsw15yW0jDnjKink&e=> I’ve started a CLM run on your CXF patch to see how it affects the results. Thanks, Marcus Williams IRC, Twitter, etc. @ mgkwill Intel Corp. From: onap-discuss@lists.onap.org [mailto:onap-discuss@lists.onap.org] On Behalf Of Steve Smokowski Sent: Tuesday, August 7, 2018 12:53 PM To: onap-discuss@lists.onap.org; Williams, Marcus <marcus.willi...@intel.com>; seshu.kuma...@huawei.com Subject: Re: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities A lot seem to just be base spring-boot imports, some are not used. I can look at how we would possibly exclude them. I upgraded today the cxf, dependency, so we should re-run the scan to see if that one goes away at least. Thanks -Steve From: <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> on behalf of Marcus G K Williams <marcus.willi...@intel.com<mailto:marcus.willi...@intel.com>> Reply-To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>, "marcus.willi...@intel.com<mailto:marcus.willi...@intel.com>" <marcus.willi...@intel.com<mailto:marcus.willi...@intel.com>> Date: Tuesday, August 7, 2018 at 3:48 PM To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>, "seshu.kuma...@huawei.com<mailto:seshu.kuma...@huawei.com>" <seshu.kuma...@huawei.com<mailto:seshu.kuma...@huawei.com>> Subject: Re: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities Hi Seshu, If the issues had been addressed in Beijing, we forgot to cherry pick them to master. But I doubt that because CLM seemed to be broken until recently. The scan is running on jenkings in the CLM job and it is scanning master. Here are the last two jobs run on master (they match vulnerability numbers I stated below): https://jenkins.onap.org/view/so/job/so-maven-clm-master/31/<https://urldefense.proofpoint.com/v2/url?u=https-3A__jenkins.onap.org_view_so_job_so-2Dmaven-2Dclm-2Dmaster_31_&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=VZISSA4mDEjMVHPnokzzXs1i0jvSvMZc3v8X9-88XUs&s=SZWmwnBpekGukcnRWoqCGUVLMVrazK9IMbbDHxyz6_M&e=> https://jenkins.onap.org/view/so/job/so-libs-maven-clm-master/47/<https://urldefense.proofpoint.com/v2/url?u=https-3A__jenkins.onap.org_view_so_job_so-2Dlibs-2Dmaven-2Dclm-2Dmaster_47_&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=VZISSA4mDEjMVHPnokzzXs1i0jvSvMZc3v8X9-88XUs&s=rI6pwE1JPjvARw0kvAtUxCpxUAD3k2x3asNp1H5oowY&e=> Either way, we should discuss as a community how to tackle these and future security/license issues. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#11729): https://lists.onap.org/g/onap-discuss/message/11729 Mute This Topic: https://lists.onap.org/mt/24216241/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-