Re: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities

Tue, 07 Aug 2018 12:58:04 -0700 

Is theressome documentation around all these tricks to get the pipelines to do 
things like clm/sonar/etc?

Thanks

-Steve


From: "Williams, Marcus" <marcus.willi...@intel.com>
Date: Tuesday, August 7, 2018 at 3:57 PM
To: "onap-discuss@lists.onap.org" <onap-discuss@lists.onap.org>, "SMOKOWSKI, 
STEVEN" <ss8...@att.com>, "seshu.kuma...@huawei.com" <seshu.kuma...@huawei.com>
Subject: RE: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities

Hi Steve,

We can run CLM on any job by typing ‘run-clm’, see 
https://wiki.onap.org/display/DW/Configuring+Gerrit#ConfiguringGerrit-Run-clm<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_display_DW_Configuring-2BGerrit-23ConfiguringGerrit-2DRun-2Dclm&d=DwMGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=w-lVXp0zkzQUegEtEwvrPsyyNw5ov14_HpEQ515rEjU&s=7UiS-9RJ4IkgXCMO7AhtYz7d7e_lsw15yW0jDnjKink&e=>

I’ve started a CLM run on your CXF patch to see how it affects the results.

Thanks,

Marcus Williams
IRC, Twitter, etc. @ mgkwill
Intel Corp.

From: onap-discuss@lists.onap.org [mailto:onap-discuss@lists.onap.org] On 
Behalf Of Steve Smokowski
Sent: Tuesday, August 7, 2018 12:53 PM
To: onap-discuss@lists.onap.org; Williams, Marcus <marcus.willi...@intel.com>; 
seshu.kuma...@huawei.com
Subject: Re: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities

A lot seem to just be base spring-boot imports, some are not used.  I can look 
at how we would possibly exclude them.  I upgraded today the cxf, dependency, 
so we should re-run the scan to see if that one goes away at least.

Thanks

-Steve


From: <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> on 
behalf of Marcus G K Williams 
<marcus.willi...@intel.com<mailto:marcus.willi...@intel.com>>
Reply-To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>, 
"marcus.willi...@intel.com<mailto:marcus.willi...@intel.com>" 
<marcus.willi...@intel.com<mailto:marcus.willi...@intel.com>>
Date: Tuesday, August 7, 2018 at 3:48 PM
To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>, 
"seshu.kuma...@huawei.com<mailto:seshu.kuma...@huawei.com>" 
<seshu.kuma...@huawei.com<mailto:seshu.kuma...@huawei.com>>
Subject: Re: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities

Hi Seshu,

If the issues had been addressed in Beijing, we forgot to cherry pick them to 
master. But I doubt that because CLM seemed to be broken until recently. The 
scan is running on jenkings in the CLM job and it is scanning master.

Here are the last two jobs run on master (they match vulnerability numbers I 
stated below):
https://jenkins.onap.org/view/so/job/so-maven-clm-master/31/<https://urldefense.proofpoint.com/v2/url?u=https-3A__jenkins.onap.org_view_so_job_so-2Dmaven-2Dclm-2Dmaster_31_&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=VZISSA4mDEjMVHPnokzzXs1i0jvSvMZc3v8X9-88XUs&s=SZWmwnBpekGukcnRWoqCGUVLMVrazK9IMbbDHxyz6_M&e=>
https://jenkins.onap.org/view/so/job/so-libs-maven-clm-master/47/<https://urldefense.proofpoint.com/v2/url?u=https-3A__jenkins.onap.org_view_so_job_so-2Dlibs-2Dmaven-2Dclm-2Dmaster_47_&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=VZISSA4mDEjMVHPnokzzXs1i0jvSvMZc3v8X9-88XUs&s=rI6pwE1JPjvARw0kvAtUxCpxUAD3k2x3asNp1H5oowY&e=>

Either way, we should discuss as a community how to tackle these and future 
security/license issues.


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11729): https://lists.onap.org/g/onap-discuss/message/11729
Mute This Topic: https://lists.onap.org/mt/24216241/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to