|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Hi Steve.
I know about OWASP_DC_SKIP and this variable can be set/unset via parameters or EnvInject plugin but in this case, you'll end up with 2 set of Jenkins jobs.
Nightly jobs, with OWASP_DC_SKIP set to FALSE and daily/on commit jobs with OWASP_DC_SKIP set to TRUE.
It will turn to nighmare if you have hundred of CI jobs.
Worst, developers may miss security issues because they track daily jobs and not nightly.
We succeed to register a single set of job here, with Sonar activated by default BUT skipped on SCM commit (Sonar Plugin feature).
Jobs are triggered by SCM change and nightly (via cron).
By adding such option to DC Plugin to skip analysis on SCM change, DC be compatible with this nightly analysis approach and more easily registered in CI chains.