DaanHoogland commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp
dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-365277969
yes of course @rafaelweingartner , let's squash on merge. I am kind of
worried that three of the travis jobs time
DaanHoogland commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp
dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-365042857
@marcaurele are you -1 on this chance as is?
Thi
DaanHoogland commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp
dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-364078111
I think it would be best to have a apache jenkins job that reports to sec@
that doesn't exclude your idea btw,
DaanHoogland commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp
dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-364074852
Let me add to that:
I think a PR should be stopped on a dependency CVE but a build should not
fail. Builds mus
DaanHoogland commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp
dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-364072274
No @marcaurele, we need to go there I agree, but it is a bridge to far now
--
DaanHoogland commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp
dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-363748947
yes, they are ignorable, just a help but afcourse we can set them to block
the build. You don't want to do that i
DaanHoogland commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp
dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-363747676
@rafaelweingartner i don't want to think about that yet.. :(