[
https://issues.apache.org/jira/browse/NUTCH-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sebastian Nagel reopened NUTCH-2668:
------------------------------------
Assignee: Sebastian Nagel
Ok, the nightly builds fail with
{noformat}
ivy/dependency-check-ant/lib does not exist
{noformat}
Sorry, this folder does not exist without installation of the OWASP dependency
checker. That's not the case for the Jenkins builds as the check needs a manual
verification anyway.
> Integrate OWASP dependency checks as ant target
> -----------------------------------------------
>
> Key: NUTCH-2668
> URL: https://issues.apache.org/jira/browse/NUTCH-2668
> Project: Nutch
> Issue Type: Improvement
> Components: build
> Affects Versions: 2.4, 1.16
> Reporter: Sebastian Nagel
> Assignee: Sebastian Nagel
> Priority: Major
> Fix For: 2.4, 1.16
>
> Attachments: 1x-dependency-check-report.html,
> 1x-dependency-check-vulnerability.html, 2x-dependency-check-report.html,
> 2x-dependency-check-vulnerability.html
>
>
> [OWASP|http://www.owasp.org/] provides the [ant tool
> "dependency-check"|https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html]
> which lists potential vulnerabilities of library dependencies. We should
> integrate the generation of vulnerability reports into our build system as an
> optional task/target recommended to be run from time to time and especially
> shortly before releases are prepared.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
