risdenk commented on a change in pull request #1121: SOLR-11207: Add OWASP dependency checker to gradle build URL: https://github.com/apache/lucene-solr/pull/1121#discussion_r361818552
########## File path: gradle/validation/dependency-check.gradle ########## @@ -0,0 +1,12 @@ +// This adds OWASP vulnerability validation of project dependencies + +// This should be false only for debugging. +def failOnError = true Review comment: It might make sense to set this to false to get this into the gradle-master build and then once merged to master change the default. I personally find failing the build on OWASP errors can be really frustrating with new CVEs out all the time. I like to see the warnings/errors but not fail the build. This depends on the severity of the CVE as well sometimes. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
