grainier opened a new pull request #17: [STREAMPIPES-108] Integrate CVE maven plugin
URL: https://github.com/apache/incubator-streampipes/pull/17

## Purpose

The purpose of this pull request is to integrate the CVE maven plugin for StreamPipes to check for security vulnerabilities found in dependencies during build time. This will help to detect publicly disclosed vulnerabilities contained within StreamPipes dependencies (and the dependencies of all child modules).

## Usage

This plugin configuration is attached to the `mvn verify` phase. Therefore, this will run automatically when we perform a `mvn clean verify`. Once the `mvn` process is completed, the plugin will create a `dependency-check-report.html` report in the `target/` dir with the detected vulnerabilities. If you need to skip this plugin, use the `owasp.check.skip=true` property (i.e. `mvn clean verify -Dowasp.check.skip=true`).

## Remarks

- Fixes https://issues.apache.org/jira/browse/STREAMPIPES-108
- https://github.com/jeremylong/DependencyCheck
- https://jeremylong.github.io/DependencyCheck/general/suppression.html
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
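A `pom.xml` fragment showing one way the setup described under Usage can be wired with the OWASP `dependency-check-maven` plugin. This is an added example, not the configuration from the pull request or the StreamPipes repository. The plugin version is a placeholder, and the suppression file name and the CVSS threshold are assumptions.

```xml
<!-- Added example, not the StreamPipes pom.xml; placement in the parent POM is assumed. -->
<properties>
  <!-- Property name taken from the PR text; the default keeps the scan enabled. -->
  <owasp.check.skip>false</owasp.check.skip>
</properties>

<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- Placeholder: pin an explicit, current release here. -->
      <version>PLUGIN_VERSION_PLACEHOLDER</version>
      <configuration>
        <!-- Lets -Dowasp.check.skip=true bypass the scan for a single build. -->
        <skip>${owasp.check.skip}</skip>
        <!-- Assumed file name; should hold only reviewed false positives. -->
        <suppressionFiles>
          <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
        <!-- Assumed policy, not stated in the PR: fail the build at CVSS 7 or higher. -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
      </configuration>
      <executions>
        <execution>
          <!-- Bound to verify, so "mvn clean verify" runs the check. -->
          <phase>verify</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Without a `failBuildOnCVSS` threshold the plugin only writes the report, so findings are visible in `target/` but do not stop the build.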
