jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1259636540
##########
build.xml:
##########
@@ -540,6 +539,14 @@
<copy todir="${basedir}/conf"
file="${build.classes.main}/META-INF/hotspot_compiler"/>
</target>
+ <target name="check" depends="_main-jar,build-test" description="Verifies
the source code and dependencies">
+ <antcall target="rat-check" inheritrefs="true"/>
+ <antcall target="_assert_rat_output" inheritrefs="true"/>
+ <antcall target="checkstyle" inheritrefs="true"/>
+ <antcall target="checkstyle-test" inheritrefs="true"/>
+ <antcall target="eclipse-warnings" inheritrefs="true"/>
Review Comment:
We should have a dedicated ticket for that. Unless the project dependencies
are changed, the developer cannot be blamed for CVEs.
Also, if the dependency set is not changed, it does not make sense to
download and analyze the project against the whole database because we can be
affected only by CVEs which are discovered recently.
There are a couple of valuable things we can do about dependency checks,
including license analysis, and I'd like to avoid mixing this PR with that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
