janhoy commented on issue #1121: SOLR-11207: Add OWASP dependency checker to gradle build
URL: https://github.com/apache/lucene-solr/pull/1121#issuecomment-577445219

Updated the PR for master. I have not enabled OWASP as part of 'check' yet, mainly due to the large initial download that it must do, and the fact that we should first exclude false positives and fix real vulnerabilities first, so that warnings actually flag something developers should look into. So you run it with `gradlew dependencyCheckAnalyze` for a report.

Supported gradle properties are:

- `validation.owasp.fail=true` to fail the build on a CVSS score >= 7. This is for Jenkins to use.
- `validation.owasp.skip=true` to skip the task. This will only make sense when we make it part of check task by default, as a way to disable owasp since it requires internet access and is heavy.
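One way the two properties described in the comment could be wired to the OWASP dependency-check Gradle plugin, as an added example that is not the build script from the PR. The plugin version placeholder and the suppression file path are assumptions; `failBuildOnCVSS`, `suppressionFile` and the `dependencyCheckAnalyze` task are the plugin's own names.

```groovy
// build.gradle: added illustration, not code from apache/lucene-solr#1121.
plugins {
    id 'java'
    // Placeholder: pin a real, reviewed plugin release here.
    id 'org.owasp.dependencycheck' version 'PLUGIN_VERSION'
}

// Read the flags from -Pvalidation.owasp.fail=true / -Pvalidation.owasp.skip=true
// (or the same keys in gradle.properties). Both default to false.
def owaspFail = Boolean.parseBoolean(
        (project.findProperty('validation.owasp.fail') ?: 'false').toString())
def owaspSkip = Boolean.parseBoolean(
        (project.findProperty('validation.owasp.skip') ?: 'false').toString())

// Hypothetical location for reviewed false-positive suppressions.
def suppressions = file("${rootDir}/gradle/owasp-suppressions.xml")

dependencyCheck {
    // The plugin fails the build when any finding has CVSS >= this value.
    // Its default of 11 is above the CVSS maximum, so it is report-only
    // unless the CI job opts in.
    failBuildOnCVSS = owaspFail ? 7.0f : 11.0f

    // Only reference the suppression file once it exists, so a fresh
    // checkout without it still produces a report.
    if (suppressions.exists()) {
        suppressionFile = suppressions.absolutePath
    }
}

tasks.named('dependencyCheckAnalyze') {
    // The scan needs network access and a large first download of
    // vulnerability data, so offline builds can opt out.
    onlyIf { !owaspSkip }
}

// Left out on purpose, matching the comment: attach the scan to 'check'
// only after false positives are suppressed and real findings are fixed.
// tasks.named('check') { dependsOn 'dependencyCheckAnalyze' }
```

With this wiring a CI job would run `gradlew dependencyCheckAnalyze -Pvalidation.owasp.fail=true`, while a developer run without the property only produces the report.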