dweiss commented on a change in pull request #1121: SOLR-11207: Add OWASP
dependency checker to gradle build
URL: https://github.com/apache/lucene-solr/pull/1121#discussion_r370278321
##########
File path: gradle/validation/dependency-check.gradle
##########
@@ -0,0 +1,14 @@
+// This adds OWASP vulnerability validation of project dependencies
+// Not part of 'check' task by default, must be called explicitly, e.g.
gradlew dependencyCheckAnalyze
+// Start build with -Pvalidation.owasp.fail=true to fail build on owasp errors
(CVSS >= 7)
+// Start build with -Pvalidation.owasp.skip=true to skip OWASP checks during
'check' phase
+
+dependencyCheck {
Review comment:
You can try to run gradlew -p lucene/core ... and see what happens. :)
If it's just applicable to the root project (which it may be) then I'd wrap
it in a configure(rootProject) { ... } closure so that it's explicit in the
code.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
