-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] New Mend (formerly Whitesource) integration is not working correctly - autoclosed #1593
Comments
What is specifically failing when using Java 8? |
WhiteSource integration can't scan all libraries comprehensively currently. @bbarani and I are reaching out to WhiteSource support separately for this same issue. However, we got different respond from them. Barani was told that the issue is because of an unsupported Gradle version v6.6.1 which is necessary for our project build, while I was told it's related to java version. We are keeping contacting them and will also have another backup plan for CVEs scan on repos. |
@zelinh One of the recent PRs #1603 had a successful WhiteSource run https://github.com/opensearch-project/OpenSearch/runs/4296697988. Was any fix done for this? |
WhiteSource integration check on PR passes if there is no new vulnerability introduced in the PR. However, the general CVEs scan with WhiteSource integration in this repo is not working correctly and not showing the right number of libraries. There might be package manager version issue on WhiteSource side. We are escalating this issue with WhiteSource support and waiting for them to help us. |
I just got notice from WhiteSource team after their team review; it turned out to be a part of a bigger problem with how they manage versions of all the scanners in WhiteSource integration. They had an epic ticket for this and will keep us updated with the progress. |
@zelinh The Whitesource job on 1.x fails after 375m. Is there any update here? |
Unfortunately no, I had a meeting with WhiteSource support last Monday regarding of the issue on scanning our core repo and she said she would escalate this issue but I haven't heard any update from them since then. |
Until this gets fixed, let's disable the whitesource integration. Otherwise this is blocking our ability to build on 1.3 |
We will remove the mend scan config now, to resolve this temporarily and would look into re-adding it later on. |
✔️ This issue was automatically closed by Mend because the errors have been resolved. |
Describe the bug
We previous installed a WhiteSource Github app for CVEs scan. However, it doesn't work correctly at this time. We just get informed from WhiteSource support that they are using Java 8 for their integration with Github.com. Although we currently began to support Java 11, it would still cause the gradle resolution failed.
To Reproduce
N/A
Expected behavior
A clear and concise description of what you expected to happen.
Plugins
WhiteSource integration with Github.com
The text was updated successfully, but these errors were encountered: