nutch-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebastian Nagel (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (NUTCH-2668) Integrate OWASP dependency checks as ant target
Date Mon, 19 Nov 2018 21:50:00 GMT

     [ https://issues.apache.org/jira/browse/NUTCH-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sebastian Nagel reopened NUTCH-2668:
------------------------------------
      Assignee: Sebastian Nagel

Ok, the nightly builds fail with
{noformat}
ivy/dependency-check-ant/lib does not exist
{noformat}
Sorry, this folder does not exist without installation of the OWASP dependency checker. That's
not the case for the Jenkins builds as the check needs a manual verification anyway.

> Integrate OWASP dependency checks as ant target
> -----------------------------------------------
>
>                 Key: NUTCH-2668
>                 URL: https://issues.apache.org/jira/browse/NUTCH-2668
>             Project: Nutch
>          Issue Type: Improvement
>          Components: build
>    Affects Versions: 2.4, 1.16
>            Reporter: Sebastian Nagel
>            Assignee: Sebastian Nagel
>            Priority: Major
>             Fix For: 2.4, 1.16
>
>         Attachments: 1x-dependency-check-report.html, 1x-dependency-check-vulnerability.html,
2x-dependency-check-report.html, 2x-dependency-check-vulnerability.html
>
>
> [OWASP|http://www.owasp.org/] provides the [ant tool "dependency-check"|https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html]
which lists potential vulnerabilities of library dependencies. We should integrate the generation
of vulnerability reports into our build system as an optional task/target recommended to be
run from time to time and especially shortly before releases are prepared.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message