It is very difficult to get code contributors to ensure the software they are submitting does not include newly introduced checkstyle/sonar and CLM violations without going through additional steps inside their own developer environment.

The PTL's and committers would like to enhance either the Jenkin's verify jobs and/or the gerrit software to add features to support the following requirements:

1) View via gerrit website software newly introduced checkstyle and sonar issues. This allows the contributors to fix these changes before they are merged into the gerrit.

2) For any newly introduced dependencies, the verify job should do a CLM check to determine if the new dependency has CVE/Sonatype violations. The PTL/committers can make a decision to let the merge go through or -2 the review to prevent it.