Hi All,

As discussed at OFBIZ-10700

I added the OWASP Dependency Check feature before we switched to Gradle. It was then really useful, but it's now disputable, as explained at https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:

Since OFBiz uses Gradle, all dependent libraries (i.e. also dependencies from the libraries OFBiz uses and recursively) are loaded by Gradle and analysed by the OWASP Dependency Check plugin. So it's materially impossible to check all the possible vulnerabilities. I decided to only check the higher ones, currently (2017-09-29) we have only already known ones:

So one option could be to completely remove this feature, what do you think? (see more at OFBIZ-10700)

Thanks

Jacques
