BULL-3245: Add dependency check job (!10) · Merge requests · Platform One / Party Bus / fiesta-wagon / fiesta-wagon-templates · GitLab

UNCLASSIFIED - NO CUI

Snippets Groups Projects

Merged Douglas Lagemann requested to merge BULL-3245_dependency_check_job into main 3 months ago

All threads resolved!

Dependency check is a complex job, but fortunately most of it works out of the box from the publicly-hosted dependency-check docker image. Some of the work done by the PB pipeline can only be emulated by fiesta wagon once we have a local instance of SonarQube up, so for now, this just produces the dependency check report. This improvement and others are captured in a follow-up ticket BULL-3328.

WARNING: The first time dependency-check is run in a local environment, it will download the entirety of the NVD without using an API key. This took me around 90 minutes. Subsequent runs will only check for and download updates which should take less than a minute, depending on the number of updates.

Activity

Douglas Lagemann @douglagemann started a thread on an old version of the diff 3 months ago

Resolved 2 months ago by Douglas Lagemann
Last reply by Douglas Lagemann 2 months ago

Douglas Lagemann added 1 commit 2 months ago

added 1 commit

66e2b451 - try to use global volume instead of local directory

Compare with previous version

Patrick Tafoya @patrick.tafoya started a thread on an old version of the diff 2 months ago

Resolved 2 months ago by Douglas Lagemann

Douglas Lagemann added 1 commit 2 months ago

added 1 commit

d10dc180 - fix global volume

Compare with previous version

Patrick Tafoya approved this merge request 2 months ago

approved this merge request

Douglas Lagemann resolved all threads 2 months ago

resolved all threads

Douglas Lagemann mentioned in commit 2 months ago

mentioned in commit 92c178ec

Douglas Lagemann merged 2 months ago

merged

Please register or sign in to reply

UNCLASSIFIED - NO CUI