DDF-5597 updated dependency-check properties for local NVD #5654
build now

Internal build has been scheduled, your results will be available at build completion.
| <plugin> | ||
| <groupId>org.owasp</groupId> | ||
| <artifactId>dependency-check-maven</artifactId> | ||
| <version>${dependency-check-maven.version}</version> |
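Review bot: the `<version>` element on the last line resolves through the `dependency-check-maven.version` property, which is not defined anywhere in the visible lines; confirm that the property (or a managed plugin version in the parent POM) pins one fixed release. Without a pinned version Maven resolves the newest plugin release, so the scanner and its findings can change between otherwise identical builds. The closing `</plugin>` and any `<configuration>` for the local NVD fall outside this excerpt, so the mirror settings themselves cannot be checked from these lines.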
❓ The version is defined in the dependencyManagement section of ddf-parent, right?
Great question. Looks like I made a mistake here, but it still works. I'll put the version back in. It seems like it grabs the latest version of dependency-check (5.2.4) and runs it just fine. There would be a pro to getting the latest, it just wouldn't be stable. Currently we are using 5.2.2, so it might be time to upgrade again.
Refer to this link for build results (access rights to CI server needed):
Refer to this link for build results (access rights to CI server needed):

Build result: FAILURE

    [...truncated 11.66 MB...]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:140)
        at io.fabric8.maven.docker.access.hc.ApacheHttpClientDelegate.post(ApacheHttpClientDelegate.java:102)
        at io.fabric8.maven.docker.access.hc.DockerAccessWithHcClient.buildImage(DockerAccessWithHcClient.java:252)
        ... 40 more
    [ERROR]
    [ERROR] Re-run Maven using the -X switch to enable full debug logging.
    [ERROR]
    [ERROR] For more information about the errors and possible solutions, please read the following articles:
    [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
    [ERROR]
    [ERROR] After correcting the problems, you can resume the build with the command
    [ERROR]   mvn -rf :ddf
    channel stopped
    New run name is 'PR 5654'
    Taking single-use slave mesos-jenkins-437ccf59-linux-large offline.
    + echo ERROR: dockerd exited, or died
    ERROR: dockerd exited, or died
    + sleep 5
    Archiving artifacts
    Adding one-line test results to commit status...
    Setting status of a73f792 to FAILURE with url https://jenkins.codice.org/job/DDF-Jobs/job/pr/job/Linux/7791/ and message: 'JOB FAILURE: https://jenkins.codice.org/job/DDF-Jobs/job/pr/job/Linux/7791/ 14954 tests run, 74 skipped, 0 failed.'
    Using context: Internal CI Pipeline

❌ JOB FAILURE
* DDF-5597 updated dependency-check properties
* DDF-5597 added back dependency-check maven version
* DDF-5597 updated dependency-check properties
* DDF-5597 added back dependency-check maven version

(cherry picked from commit 365bfdd)
* Updated Jenkinsfile (#5190)
  Removed the Xss thread stack size option and added a minimum heap memory option to maven opts
  (cherry picked from commit e523306)
* Increased timeout value to prevent build abortions (need to RCA why builds are taking longer)
  (cherry picked from commit 68b9232)
* DDF-5504 Upgraded to DDF-Parent 1.0.8 and Dependency-Check 5.2.2 (#5510)
  Cleaned-up dependency-check configuration
  DDF-5504 Updated dependency-check stage to be more efficient
  DDF-5504 Updated DDF-Parent and Dependency-Check
  DDF-5504 Added dependency-check:aggregate to non-PR builds
  (cherry picked from commit 0456c03)
* DDF-5578 updated codecov stage to be more efficient (#5579)
  (cherry picked from commit 2e7ec9e)
* Archive the dependency-check aggregate report after the owasp stage finishes. (#5643)
  (cherry picked from commit 03a3865)
* General Jenkinsfile cleanup. (#5666)
  Moved Codecov.io to be right after the ITests. Removed all the commented windows sections. Removed unneeded parallel sections as well. Added in Commenting onto PR builds using internal library function postCommetnIfPR.
  (cherry picked from commit efe40ac)
* DDF-5597 updated dependency-check properties for local NVD (#5654)
  * DDF-5597 updated dependency-check properties
  * DDF-5597 added back dependency-check maven version
  (cherry picked from commit 365bfdd)

Co-authored-by: Ryan Zwiefelhofer <rzwiefel@users.noreply.github.com>
Co-authored-by: Matthew Bates <matthew.bates@connexta.com>
Co-authored-by: Shaun Morris <shaundmorris@users.noreply.github.com>
* DDF-5578 updated codecov stage to be more efficient (#5579)
  (cherry picked from commit 2e7ec9e)
* Archive the dependency-check aggregate report after the owasp stage finishes. (#5643)
  (cherry picked from commit 03a3865)
* General Jenkinsfile cleanup. (#5666)
  Moved Codecov.io to be right after the ITests. Removed all the commented windows sections. Removed unneeded parallel sections as well. Added in Commenting onto PR builds using internal library function postCommetnIfPR.
  (cherry picked from commit efe40ac)
* DDF-5597 updated dependency-check properties for local NVD (#5654)
  * DDF-5597 updated dependency-check properties
  * DDF-5597 added back dependency-check maven version
  (cherry picked from commit 365bfdd)

Co-authored-by: Shaun Morris <shaundmorris@users.noreply.github.com>
* Archive the dependency-check aggregate report after the owasp stage finishes. (#5643)
  (cherry picked from commit 03a3865)
* Updated Jenkinsfile (#5190)
  Removed the Xss thread stack size option and added a minimum heap memory option to maven opts
  (cherry picked from commit e523306)
* DDF-5578 updated codecov stage to be more efficient (#5579)
  (cherry picked from commit 2e7ec9e)
* Increased timeout value to prevent build abortions (need to RCA why builds are taking longer)
  (cherry picked from commit 68b9232)
* General Jenkinsfile cleanup. (#5666)
  Moved Codecov.io to be right after the ITests. Removed all the commented windows sections. Removed unneeded parallel sections as well. Added in Commenting onto PR builds using internal library function postCommetnIfPR.
  (cherry picked from commit efe40ac)
* DDF-5504 Upgraded to DDF-Parent 1.0.8 and Dependency-Check 5.2.2 (#5510)
  Cleaned-up dependency-check configuration
  DDF-5504 Updated dependency-check stage to be more efficient
  DDF-5504 Updated DDF-Parent and Dependency-Check
  DDF-5504 Added dependency-check:aggregate to non-PR builds
  (cherry picked from commit 0456c03)
  (cherry picked from commit 6a48ac2)
* DDF-5597 updated dependency-check properties for local NVD (#5654)
  * DDF-5597 updated dependency-check properties
  * DDF-5597 added back dependency-check maven version
  (cherry picked from commit 365bfdd)

Co-authored-by: Ryan Zwiefelhofer <rzwiefel@users.noreply.github.com>
Co-authored-by: Shaun Morris <shaundmorris@users.noreply.github.com>
Co-authored-by: Matthew Bates <matthew.bates@connexta.com>
* DDF-5504 Upgraded to DDF-Parent 1.0.8 and Dependency-Check 5.2.2 (#5510)
  Cleaned-up dependency-check configuration
  DDF-5504 Updated dependency-check stage to be more efficient
  DDF-5504 Updated DDF-Parent and Dependency-Check
  DDF-5504 Added dependency-check:aggregate to non-PR builds
  (cherry picked from commit 0456c03)
* DDF-5578 updated codecov stage to be more efficient (#5579)
  (cherry picked from commit 2e7ec9e)
* Increased timeout value to prevent build abortions (need to RCA why builds are taking longer)
  (cherry picked from commit 68b9232)
* Archive the dependency-check aggregate report after the owasp stage finishes. (#5643)
  (cherry picked from commit 03a3865)
* General Jenkinsfile cleanup. (#5666)
  Moved Codecov.io to be right after the ITests. Removed all the commented windows sections. Removed unneeded parallel sections as well. Added in Commenting onto PR builds using internal library function postCommetnIfPR.
  (cherry picked from commit efe40ac)
* DDF-5597 updated dependency-check properties for local NVD (#5654)
  * DDF-5597 updated dependency-check properties
  * DDF-5597 added back dependency-check maven version
  (cherry picked from commit 365bfdd)

Co-authored-by: Shaun Morris <shaundmorris@users.noreply.github.com>
Co-authored-by: Matthew Bates <matthew.bates@connexta.com>
What does this PR do?
Allows builds to use local NVD
Who is reviewing it?
@bakejeyner
@AdamBurstynski
@TonyMorrison
@mojogitoverhere
@jordanwilking
Select relevant component teams:
@codice/build
@codice/continuous-integration
@codice/security
Ask 2 committers to review/merge the PR and tag them here.
@oconnormi
@brjeter
How should this be tested?
Any background context you want to provide?
What are the relevant tickets?
Fixes: #5597
Screenshots
Checklist:
Notes on Review Process
Please see Notes on Review Process for further guidance on requirements for merging and abbreviated reviews.
Review Comment Legend: