fluo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] ctubbsii edited a comment on issue #1046: Please add OWASP Dependency Check to the build (pom.xml)
Date Thu, 16 Aug 2018 23:19:39 GMT
ctubbsii edited a comment on issue #1046: Please add OWASP Dependency Check to the build (pom.xml)
URL: https://github.com/apache/fluo/issues/1046#issuecomment-413709535
 
 
   Hmm, I'm not sure there's much to do here. I looked into it, and the OWASP plugin can be
executed with a simple: `mvn org.owasp:dependency-check-maven:3.3.1:check` or `mvn org.owasp:dependency-check-maven:3.3.1:aggregate`
   
   The only way to add it to the POM would be to create a profile which executed it by default,
but activating the profile isn't much different than calling the plugin directly... and you
have to keep the plugin up-to-date, which I'm not sure is any cleaner than just calling the
plugin directly.
   
   We wouldn't want it running by default in the POM, because it's expensive to run and only
needs to be run periodically. What do others think? What's the best way to "add" it to the
POM?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message