[ 
https://issues.apache.org/jira/browse/CASSANDRA-18618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17738367#comment-17738367
 ] 

Jacek Lewandowski commented on CASSANDRA-18618:
-----------------------------------------------

Should we run the OWASP scan somewhere? I can see it is failing now:

{noformat}
Dependency-Check Failure:
One or more dependencies were identified with vulnerabilities that have a CVSS 
score greater than or equal to '1.0': 
jackson-databind-2.13.2.2.jar: CVE-2023-35116
snappy-java-1.1.8.4.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453
{noformat}


> Update tasks configuration to run checks locally when requested
> ---------------------------------------------------------------
>
>                 Key: CASSANDRA-18618
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18618
>             Project: Cassandra
>          Issue Type: Task
>          Components: Build
>            Reporter: Jacek Lewandowski
>            Assignee: Jacek Lewandowski
>            Priority: Normal
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Currently CheckStyle and RAT are run with almost every single Ant target, 
> which is annoying when developing locally. The targets should be clear - 
> "test" - runs the tests, "jar" - builds the project and creates jars, and 
> then we should have a task "check" which runs all the static analysis, that 
> is CheckStyle, RAT and Eclipse-Warnings (or whatever we decide to replace 
> Eclipse-Warnings with).
> Such a goal should be included in "artifacts" and we should run it instead of 
> "eclipse-warnings" on CircleCI. This way building, static analysis and 
> testing are clearly separated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
