Graalvm: Security Vulnerability Analysis - graalvm-native-image

Just wondering if there is any tool/mechanism for auditing security vulnerabilities in native-image generated using Graalvm native image builder.
For traditional java projects we can do an owsap security scan on the jar and generated report. Do we have anything same for Graalvm native images?

Related

Use ram disk for building Vaadin 8 web app in IntelliJ 2017.1

I would like to speed up compile/build process when making a Maven-based Vaadin 8 app in IntelliJ 2017.1, as well as avoid chewing up my flash-based storage needlessly, by outputting intermediate and final products on a ram drive.
How to configure IntelliJ or my project to use a ram disk?
I am currently running the Vaadin app using the built-in Jetty Servlet container using the included Maven task. In the future I expect to have IntelliJ coordinate with a separate installation of Tomcat Servlet container.
Some perusing revealed:
Project Structure > Project > Project compiler output
Project Structure > Modules > Paths (tab) > Compiler output
Project Structure > Artifacts
Are any or all of those required to be redirected to the ram disk?
Is there a faster, easier, or simpler way to configure output to a ram disk? Perhaps some trick with the Maven POM file?
By comparison, this approach is used by many iOS/macOS developers using Xcode who divert their DerivedData folder to a RAM disk to speed up the compiling process.

Custom Build Step Worklight 6.2

I have two questions about Worklight 6.2 build process:
Question 1: Is it possible to integrate the standard Worklight (6.2) build process with a custom build step?
I need to add it as follows:
Init build process
WLApp Build (optimization step)
Custom step
WLApp packaging
Adapters build and packaging
WAR build and packaging
End build process
Question 2 (about step 3): Is it possible to modify wlapp files before wlapp packaging process (immediatly after the optimization step)?
I'm using the CLI command: wl build.
As of Worklight 6.2, there is no supported way to perform custom activities during the standard Worklight build. For production purposes, where you may want to obfuscate JS, shrink images, etc, it is common to perform this on a build system, PRIOR to the WL build and packaging. This complicates the per-environment optimization, but is the best we can do at this time.
As far as hacking the resulting WLApp file, I do not believe this could be done, as it will fail security checks, once deployed.
We are looking to enable extending the build process in a future release. There are already RFEs defined for this that we are evaluating. Along similar lines, we are looking into providing easy obfuscation of JS resources during a build. This is already possible with Mobile and Desktop WebApps, that we want to extend to include deployable apps.

Not ableto migrate from eclipse 3.x to eclipse 4.x

We've an RCP application based on 3.x api we are trying to migrate it to eclipse 4.x.
The problem is some part of the code was using eclipse internal classes present in the workbench.jar . SO i added the workbench.jar JAR from the previous eclipse(HELIOS) to my new eclipse(KEPLER) this resolved the errors .But my application is not able to start.So just wanted to know is it the correct approach
1.Can I have two workbench.jar JARS(3.105 and 3.6) in my application.
2.If no then is there a way to search for the internal classes which I was using previously in the new jars I was mainly using the internal classes related to layout and prespectives(like : org.eclise.ui.internal.layyoutPart ,org.eclipse.internal.ui.perspectives)
3.Is there a way using which I can avoid rewriting the code.
Eclipse 4.x is a very substantial rewrite so there is very little chance that internal classes from 3.x are going to work. Multiple workbench jars is not going to work in any case.
The layout and perspective classes you mention do not exist in Eclipse 4.x, you are going to have to rewrite your code.
See also Eclipse API Rules of Engagement

How to generate DAO classes in IntelliJ IDEA

is there any possibilities how to generate DAO classes in IntelliJ IDEA? I found many articles about generating entities but none of how to generate DAO.
I am using 11.1.2 version.
It should be noted that Intellij does now support this. Follow the guide here:
New Intellij Functionality
IntelliJ IDEA doesn't support it, you can consider using Hibernate Tools instead via Ant:
Ant task: The Hibernate3 tools include a unified Ant task that allows you to run schema generation, mapping generation, or Java code generation as part of your build.
The tools for Hibernate provides various tools to use with Hibernate.
The primary tools can be used for generating source artifacts such as
mapping files, java entities, DAO and other scaffolding code. The
source of this generation can be JDBC database, classes or even just
existing mappings.
It uses Hibernate core metamodel to generate from and to the source
artifacts. Allowing it to support both top-down, bottom-up and
middle-out development.
Hibernate Tools is used in JBoss Tools Hibernate plugins to provide
parts of the Eclipse plugins for Hibernate.

Lightweight Eclipseplugin for RTC

IBM has this big 200+ Mb Eclipse plugin where I'm given access to everything and all functionality of Eclipse.
Is there a smaller more lightweight Eclipse plugin available that just gives access to the information a developer needs. Basically just a list of the workitems assigned to me or my team.
Yes, I can configure the big existing IBM plugin to just display that info, but then I'd still have this massive behemoth installed in my Eclipse.
I am aware of Tasktop Dev that allows me to import the workitems into my mylyn tasklist, but I'm looking for something cheaper.
No, because that plugin would have to manage work items and change sets (the list of versioned files), that is the planning and the source control part.
Plus you would need the EMF - GMF dependencies, part of the 200+ MB bundle, as described in "Tip: Installing the Rational Team Concert client into Eclipse 3.5.x".
Which is basically 75% of what the RTC plugin is (the rest being a link to the JBE: Jazz Build Engine).