Loading...

XML

Word

Printable

Details

Type: Task
Resolution: Fixed
Priority: Critical
Fix Version/s: 6.6.6
Affects Version/s: 6.6.5, 7.2.0, 7.1.3
Component/s: analytics
Labels:
- approved-for-6.6.6
- triaged

Story Points:
0

Description

Currently the BOMs published by Analytics build process exclude Couchbase jars – this prevents shadowed third-party dependencies from being reported on the BD reports, which can hide security & licensing issues which may manifest in those dependencies.

In addition, Maven does not provide any metadata in the POM which indicates which dependencies are shadowed, so they are not included in the BOM. We need to explicitly map the shadowed (embedded) dependencies into our published BOM.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Michael Blow

Reporter:: Michael Blow

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 17/Nov/22 6:22 AM

Updated:: 20/Jan/23 12:32 AM

Resolved:: 18/Nov/22 7:12 PM

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

MB-54594: += core-io, shadowed deps to BOM & license: Gerrit Review:

MB-54594: += core-io-1.7.20 (6.0.x compat), shadowed deps to BOM & license: Gerrit Review:

Include Couchbase jars & shadowed dependencies in BOM for Analytics BD scans

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty