Skip to content

Suppress compilation in SAST jobs

David Diederich requested to merge sast-precompilation into master

These jobs all depend on the compile-and-unit-test operation, and for maven jobs, the target directories with built executables and the .m2 cache will both be present. By supppressing the compilation, this not only speeds up execution, but also removes the need to "teach" the SAST jobs about the proper way to build the projects.

Pipelines for projects that utilize the spotbug-sast job:

https://community.opengroup.org/divido/multi-pipeline-launcher/-/pipelines/94257

The only failing one was a gemnasium run on ingestion-service, that failed because the 0.9.0-SNAPSHOT dependencies weren't found. This project appears not to have been updated in some time, and isn't part of the normal release process, so I don't think it is a relevant test. Even if it were, gemnasium isn't affected by a spotbugs change -- and the fix would be to move to a stable release library.

This Fixes #24 (closed) as well.

Edited by David Diederich

Merge request reports

Loading