UNCLASSIFIED - NO CUI


BULL-3245: Add dependency check job

Douglas Lagemann requested to merge BULL-3245_dependency_check_job into main

Dependency check is a complex job, but fortunately most of it works out of the box from the publicly hosted dependency-check docker image. Some of the work done by the PB pipeline can only be emulated by fiesta wagon once we have a local instance of SonarQube up, so for now, this just produces the dependency check report. This improvement and others are captured in a follow-up ticket BULL-3328.

WARNING: The first time dependency-check is run in a local environment, it will download the entirety of the NVD without using an API key. This took me around 90 minutes. Subsequent runs will only check for and download updates which should take less than a minute, depending on the number of updates.
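The slow first run described above comes from downloading the NVD into a fresh, unmounted data directory with no API key. The wrapper below is an added example, not the job from this merge request: it runs the publicly hosted `owasp/dependency-check` image (assumed to be the image the description refers to) with the NVD data directory mounted from a persistent host path so later runs only fetch updates, passes `--nvdApiKey` only when a `DC_NVD_API_KEY` variable is set (so the key is never hard-coded), and fails the job above a CVSS threshold. The `DC_*` variable names, the host paths and the threshold are assumptions of this example.

```shell
#!/usr/bin/env sh
# Added example wrapper for the owasp/dependency-check docker image.
# Not part of the BULL-3245 job; image name, paths and DC_* variables are assumed.

DC_IMAGE="${DC_IMAGE:-owasp/dependency-check:latest}"
# Persisted NVD cache: mount this from a CI cache or a volume so only the
# first run ever does the full (~90 minute) download.
DC_DATA_DIR="${DC_DATA_DIR:-${HOME:-/tmp}/.dependency-check/data}"
DC_REPORT_DIR="${DC_REPORT_DIR:-$PWD/dependency-check-report}"
DC_FAIL_ON_CVSS="${DC_FAIL_ON_CVSS:-7}"   # fail the job on High/Critical findings

# Emit the dependency-check CLI arguments, one per line, so they can be
# inspected without starting docker. $1 = project name shown in the report.
dc_args() {
  project="$1"
  printf '%s\n' \
    --project "$project" \
    --scan /src \
    --format ALL \
    --out /report \
    --data /usr/share/dependency-check/data \
    --failOnCVSS "$DC_FAIL_ON_CVSS"
  # With an NVD API key the feed download is rate-limited far less
  # aggressively; without one the first run is the slow path described above.
  if [ -n "${DC_NVD_API_KEY:-}" ]; then
    printf '%s\n' --nvdApiKey "$DC_NVD_API_KEY"
  fi
  # DC_NO_UPDATE=1 scans against the cached data only (air-gapped runs).
  if [ "${DC_NO_UPDATE:-0}" = "1" ]; then
    printf '%s\n' --noupdate
  fi
}

# Run the scan. $1 = project name, $2 = host source directory to scan.
run_dependency_check() {
  mkdir -p "$DC_DATA_DIR" "$DC_REPORT_DIR"
  # Re-split dc_args output on newlines only, so a project name with spaces
  # stays one argument.
  old_ifs=$IFS
  IFS='
'
  set -- $(dc_args "$1") "$2"
  IFS=$old_ifs
  src_dir=$(eval "echo \"\${$#}\"")
  docker run --rm \
    -v "$src_dir:/src:ro" \
    -v "$DC_DATA_DIR:/usr/share/dependency-check/data" \
    -v "$DC_REPORT_DIR:/report" \
    "$DC_IMAGE" "$@"
}
```

In a GitLab job, `DC_NVD_API_KEY` would come from a masked CI variable and `DC_DATA_DIR` would point at a path covered by the job's `cache:` so the NVD download survives between pipelines; the report lands in `DC_REPORT_DIR` and can be collected as an artifact. Usage from a job script: `. ./dc.sh && run_dependency_check "bull" "$CI_PROJECT_DIR"`.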
