Skip to content

Add ssdlc-report.sh that uses SpotBugs to create SARIF files #1401

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 28, 2024
Merged

Add ssdlc-report.sh that uses SpotBugs to create SARIF files #1401

merged 1 commit into from
May 28, 2024

Conversation

stIncMale
Copy link
Member

In the future this script may do more work for us.

JAVA-5431

@stIncMale
Add ssdlc-report.sh that uses SpotBugs to create SARIF files
4985933 
In the future this script may do more work for us.

JAVA-5431
@stIncMale stIncMale requested a review from jyemin May 27, 2024 22:18
@stIncMale stIncMale self-assigned this May 27, 2024
stIncMale
stIncMale commented May 27, 2024
View reviewed changes
.evergreen/ssdlc-report.sh

echo "Creating SSLDC reports"
./gradlew -version
./gradlew -PssdlcReport.enabled=true --continue -x test -x integrationTest -x spotlessApply clean check scalaCheck kotlinCheck testClasses || true
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This command most likely fails due to SpotBugs findings, because it ignores spotbugs/exclude.xml. To prevent the whole script from failing, we use || true.

@jyemin
Copy link
Collaborator

jyemin commented May 28, 2024

How do you envision this script being used in the future (as currently there is no Evergreen task that executes it)?

I could see it being called as part of publish-release and the SARIF files being uploaded to S3.

@stIncMale
Copy link
Member Author

How do you envision this script being used in the future (as currently there is no Evergreen task that executes it)?
I could see it being called as part of publish-release and the SARIF files being uploaded to S3.

I also thought that the ssdlc_compliance_report.md will be generated by this same script, ad then similarly to the SARIF files, uploaded to an Amazon S3 bucket that can be read-accessed publicly.

@stIncMale stIncMale merged commit 01ba99d into mongodb:master May 28, 2024
59 checks passed
@stIncMale stIncMale deleted the JAVA-5431 branch May 28, 2024 19:12
jyemin pushed a commit that referenced this pull request Jun 7, 2024
@stIncMale @jyemin
Add ssdlc-report.sh that uses SpotBugs to create SARIF files (#1401)
6623282 
In the future this script may do more work for us.

JAVA-5431
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jyemin jyemin jyemin approved these changes

Assignees

@stIncMale stIncMale

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stIncMale @jyemin