nutch-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebastian Nagel (JIRA)" <>
Subject [jira] [Reopened] (NUTCH-2668) Integrate OWASP dependency checks as ant target
Date Mon, 19 Nov 2018 21:50:00 GMT


Sebastian Nagel reopened NUTCH-2668:
      Assignee: Sebastian Nagel

Ok, the nightly builds fail with
ivy/dependency-check-ant/lib does not exist
Sorry, this folder does not exist without installation of the OWASP dependency checker. That's
not the case for the Jenkins builds as the check needs a manual verification anyway.

> Integrate OWASP dependency checks as ant target
> -----------------------------------------------
>                 Key: NUTCH-2668
>                 URL:
>             Project: Nutch
>          Issue Type: Improvement
>          Components: build
>    Affects Versions: 2.4, 1.16
>            Reporter: Sebastian Nagel
>            Assignee: Sebastian Nagel
>            Priority: Major
>             Fix For: 2.4, 1.16
>         Attachments: 1x-dependency-check-report.html, 1x-dependency-check-vulnerability.html,
2x-dependency-check-report.html, 2x-dependency-check-vulnerability.html
> [OWASP|] provides the [ant tool "dependency-check"|]
which lists potential vulnerabilities of library dependencies. We should integrate the generation
of vulnerability reports into our build system as an optional task/target recommended to be
run from time to time and especially shortly before releases are prepared.

This message was sent by Atlassian JIRA

View raw message