Motivation
The build currently fetches the SARIF JSON schema from a remote URL during the verify phase:
https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json
https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json
This causes build failures when:
- The remote server (
docs.oasis-open.org) is down or unreachable
- Network connectivity issues occur (e.g., "Connection refused")
- Developers are working offline
Users have reported build failures with:
fatal: unable to dereference URI "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json" exceptionMessage: "Connection refused"
Proposed Solution
Store a local copy of the SARIF schema in the repository:
- Add config/sarif-schema-2.1.0.json
- Update pom.xml to reference the local file instead of the remote URL
Benefits
- Reliable builds - No dependency on external network availability
- Faster builds - No network round-trip needed
- Offline development - Developers can build without internet access
Motivation
The build currently fetches the SARIF JSON schema from a remote URL during the
verifyphase:https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.jsonhttps://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json
This causes build failures when:
docs.oasis-open.org) is down or unreachableUsers have reported build failures with:
fatal: unable to dereference URI "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json" exceptionMessage: "Connection refused"Proposed Solution
Store a local copy of the SARIF schema in the repository:
Benefits