Hi Zookeepers, while working on the migration of OWASP task to the Maven build I found that currently the CI Job (https://builds.apache.org/job/ZooKeeper-trunk-owasp/) is not working properly.
On my laptop both the ant task and the maven one are reporting several issues, due to dependencies updated/introduced recently, like Netty 4.1.29 (which is not the latest and greatest released version) I have attached my logs in JIRA https://issues.apache.org/jira/browse/ZOOKEEPER-3256 This is the patch to add OWASP to Maven build https://github.com/apache/zookeeper/pull/788 My proposal: 1) commit PR #788 to all the active branches 2) create an issue to address the new issues and upgrade all the deps and/or add suppressions 3) add OWASP job to the new Maven CI pre-commit/post-commit As soon as we commit the plugin configuration I will setup the CI Job for OWASP. Please anyone try out my patch and/or the ant task and confirm my findings. I am trying to understand why CI jobs is not reporting the same results as on my laptop. Actually my best guess is that it is not re-downloading CVE patterns from NIST and so it is working with stale information. Regards Enrico
