abstracta / jmeter-java-dsl

Simple JMeter performance tests API
https://abstracta.github.io/jmeter-java-dsl/
Apache License 2.0

Upgrading JMeter to 5.5 - fixing CVE vulnerabilities #128

Closed dmi3bk closed 2 years ago

dmi3bk commented 2 years ago

The current version 5.4.3 has 18 vulnerabilities, so it's a bit risky to use in a cloud environment image.

rabelenda commented 2 years ago

Hello, thank you for asking for this. Several of these vulnerabilities have been fixed by upgrading the corresponding dependencies in JMeter DSL (you might check https://github.com/abstracta/jmeter-java-dsl/issues/94). In any case, we will work on upgrading JMeter to 5.5 to improve this.

Regards

dmi3bk commented 2 years ago

Hi @rabelenda,

I need to use jmeter-java-dsl with DistributedJmeterEngine (a cluster of slaves). If I understand correctly, jmeter-java-dsl tests (and dependencies) should be added as libs into the jmeter slaves - but we cannot pass trivy checks for such a bundle.

Regards, Dmitry

dmi3bk commented 2 years ago

BTW, can you please share any docker-compose showing how to set up distributed jmeter? I cannot find any good examples for it.

rabelenda commented 2 years ago

Hello,

Depending on the components you use, you might or might not need to add jmeter-java-dsl and dependencies into slaves, but if you just need to test HTTP endpoints, you should not be required to do any setup steps (copying files to slaves).

We have just released a new version of the DSL that uses JMeter 5.5 and have also included an example of using the distributed engine with docker-compose. I hope it helps.

Regards

dmi3bk commented 2 years ago

Thanks a lot, @rabelenda! This update to 5.5 was blazingly fast compared to other open-source frameworks.