[GitHub] rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-366997501

Never mind, I found the problem. It is caused due to maven version [1]. Now I see the need for PR #2343. @khos2ow I think we need to revisit and move that PR forward.

Travis is already using Maven 3.5, so the problem is not due to maven version there. I believe the problem is due to "dependency-check-maven" first run, when it downloads and processes CVEs to populate its local database.

@DaanHoogland we need to add `travis_wait` in front of `install: ./tools/travis/install.sh` directive. Something like `install: travis_wait 30 ./tools/travis/install.sh`

[1] http://maven.40175.n5.nabble.com/Re-Build-failed-in-Jenkins-maven-plugins-ITs-m3-972-td5755380.html

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at: us...@infra.apache.org

With regards,
Apache Git Services
[GitHub] rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-366989635

@DaanHoogland I pulled your branch and I tried to compile it here, but I got the following error:

> Failed to execute goal org.owasp:dependency-check-maven:3.1.1:check (default) on project cloudstack: A type incompatibility occured while executing org.owasp:dependency-check-maven:3.1.1:check: org.sonatype.aether.util.DefaultRepositorySystemSession cannot be cast to org.eclipse.aether.RepositorySystemSession

This is the command I am using: `mvn clean install -P developer -Dsimulator -Dmaven.test.skip=false`
[GitHub] rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-366975836

I restarted travis job, if it turns out green I will proceed and merge this one.
[GitHub] rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-364075710

So, what we need is a Jenkins job to report the "sanity/quality" of a PR's dependencies as a status in GitHub's PR page.
[GitHub] rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-363748671

Because it might start breaking our builds and then we will have to fix it? I wonder if this report will be something like the Coverity report that we had or even the sonar report that we had (do we still have them?) that people just ignore.
[GitHub] rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-363748671

Because it might start breaking our builds and then we will have to fix it? I wonder if this report generated will not be something like the Coverity report that we had or even the sonar report that we had (do we still have them?) that people just ignore.
[GitHub] rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-363717280

Is there a property to fail the build in case we find a vulnerable component?