The master release doesn't deploy the CycloneDX files #25026
One difference between 7.x and 8.x:
7.x: glassfish/nucleus/parent/pom.xml Line 27 in 1d3efd3
8.x: glassfish/nucleus/parent/pom.xml Line 27 in 59fdd9b
Therefore, the assembly of the GF8 gives us a lot of CycloneDX warnings.
The fastest profile is used in the release process
Also, developers can have their own profiles in settings.xml. Maybe there is a better place to disable the cyclone. Or we need another profile for the release process. However, at some point it would be useful to have the OWASP check locally too, but that is a different plugin. Hmmm, they have different targets. Probably the CycloneDX could be executed really just for releases + explicitly.
Yet another idea - we can also push the cyclonedx plugin execution to the deploy phase (but it must be executed before the deploy plugin).
Maybe in release job, where
See
Note that in #24997 there is another change that might be related in the future. Also, I am not sure what the standard rules for this are; we should read some docs about it.