[ https://issues.apache.org/jira/browse/OFBIZ-7783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15407544#comment-15407544 ]
Jacques Le Roux commented on OFBIZ-7783: ---------------------------------------- Yes it's a different problem, because basically I want to check the vulnerability of all the libs used. As I said at https://issues.apache.org/jira/browse/OFBIZ-7930?focusedCommentId=15398908&page=com.atlassian.jira.plugin.system.issuetabpanels:comment- tabpanel#comment-15398908 I was inspired by your solution but needed all the libs (not only runtime libs as in your case). Finally using the OWASP dependency check plugin is a far better solution for "my" problem and is still a WIP at OFBIZ-7930. I personnaly see no problems adding the copyToLib task OOTB and would happily commit it if nobody disagree. Of course this task is a server (ie QA, UAT, production) environment task, so would be rather {code} task copyToLib(group: ofbizServer, type: Copy, description: 'Copy runtime libs in a QA, UAT or production environment') { into "$rootDir/lib" from configurations.runtime } {code} Also maybe more would be needed to provide a ready-made complete copy for these environments. Like removing .gradle, gradle, build, etc. folders. Then also moving ofbiz.jar from build\libs (before droping it ;))...in root for instance... But then your solution for OFBIZ-7796 would need to be modified. So maybe better to keep the useless bagages. Actually I think all that is trivial when you are at a QA, UAT or production stage and may depend on servers policies. Still copyToLib makes sense. > External library files are not in the OFBiz folder structure. > ------------------------------------------------------------- > > Key: OFBIZ-7783 > URL: https://issues.apache.org/jira/browse/OFBIZ-7783 > Project: OFBiz > Issue Type: Sub-task > Components: ALL COMPONENTS > Reporter: Pierre Smits > Assignee: Jacques Le Roux > Priority: Blocker > > With the implementation of the external library download feature of > gradle/gradlew, the external libraries (jar files) are not in the folder > structure any more. > They should reside there, like before. -- This message was sent by Atlassian JIRA (v6.3.4#6332)