You can do that, or just tell maven to skip those checks on your dev builds.
________________________________ From: Brian Demers <[email protected]> Sent: Monday, August 6, 2018 11:10:30 AM To: Apache Directory Developers List Subject: Re: OWASP Dependency-Check I’d suggest executing the plunging from a non-default profile. The configure that profile to run at release time and CI. That way local builds are still fast by default. -Brian On Aug 6, 2018, at 10:42 AM, Smith, Shawn Eion <[email protected]<mailto:[email protected]>> wrote: That's where we have it. It slows down the build, but it has caught a few CVE's that we have been able to correct, so probably worth it. ________________________________ From: Shawn McKinney <[email protected]<mailto:[email protected]>> Sent: Monday, August 6, 2018 10:37:50 AM To: Apache Directory Developers List Subject: Re: OWASP Dependency-Check > On Aug 6, 2018, at 8:20 AM, Smith, Shawn Eion > <[email protected]<mailto:[email protected]>> wrote: > > We have it in the Scimple pom if you're looking for an example to play with. > Thanks, that is very helpful. I wondering if this should be part of the project pom. WDYT?
