Details
- Type: Story
- Status: Done
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 3.5.2
- Fix Version/s: 3.6.0
- Component/s: Firewall, IQ Integration
- Labels: None
- Release Note: Yes
Description
Different repository types have various metadata-like files that Firewall should ignore (that is, not treat as components and not run policy evaluation on). For example:
- p2 meta-data files
- PyPI /simple/*
- npm package metadata
- Maven metadata (which we already ignore)
If you have a "component unknown" policy it will constantly be triggered for these.
Acceptance
- Feature for RM 3. See CLM-8494 for RM 2.
- RM filters based on a list managed through the HDS; list is retrieved via IQ Server.
- List should not change often, can get the list once per day. Users will have to wait until the update interval. Will add a force update feature based on demand.
- This story ignores the need to update the existing repository results. Future story to figure out how that will work and ramifications.
Firewall for RM 3 ignoring irrelevant files - points: 5, 5, 8
p2 metadata details
Firewall in Nexus should not scan p2 metadata files:
- artifacts.jar
- artifacts.xml
- compositeArtifacts.jar
- compositeArtifacts.xml
- content.jar
- content.xml
- compositeContent.xml
- compositeContent.jar
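A sketch of the filter the acceptance criteria and the p2 list describe, as an added example rather than Nexus or IQ Server code: the list is scoped per repository format, refreshed at most once per day, and matched only after path normalization so a real component is never skipped by accident. The `IgnoreList` class, the `fetch` callable and the dict layout are assumptions; npm and Maven entries are left out because the ticket gives no paths for them.

```python
import posixpath
import time

# Constructed sample of the managed list, keyed by repository format. The p2
# file names and the PyPI /simple/* pattern are from the ticket; the dict
# layout is an assumption.
SAMPLE_LIST = {
    "p2": {"basenames": ["artifacts.jar", "artifacts.xml",
                         "compositeArtifacts.jar", "compositeArtifacts.xml",
                         "content.jar", "content.xml",
                         "compositeContent.xml", "compositeContent.jar"]},
    "pypi": {"prefixes": ["simple/"]},
}
REFRESH_SECONDS = 24 * 60 * 60  # "once per day" in the acceptance criteria


class IgnoreList:
    def __init__(self, fetch, clock=time.monotonic):
        self._fetch = fetch  # hypothetical callable standing in for the IQ Server request
        self._clock = clock
        self._rules = {}
        self._fetched_at = None

    def _current(self):
        now = self._clock()
        if self._fetched_at is None or now - self._fetched_at >= REFRESH_SECONDS:
            try:
                self._rules = self._fetch()
                self._fetched_at = now
            except Exception:
                # Keep the last good list. With no list yet, nothing is
                # ignored, so every path still goes to policy evaluation.
                pass
        return self._rules

    def should_skip(self, repo_format, path):
        """True if Firewall should not treat this path as a component."""
        rules = self._current().get(repo_format, {})
        # Collapse "." and ".." first so the match is made on the real path.
        clean = posixpath.normpath("/" + path).lstrip("/")
        if posixpath.basename(clean) in rules.get("basenames", ()):
            return True
        return any((clean + "/").startswith(p) for p in rules.get("prefixes", ()))
```

Because the rules are looked up by format, a file named `content.jar` in a non-p2 repository is still evaluated as a component.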