[jira] [Commented] (TIKA-3648) Fail build if ossindex-maven-plugin violation is detected

Tim Allison (Jira) Tue, 18 Jan 2022 12:25:06 -0800


    [ 
https://issues.apache.org/jira/browse/TIKA-3648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17478179#comment-17478179
 ]


Tim Allison commented on TIKA-3648:
-----------------------------------

I do periodically run {{{}mvn versions:display-dependency-updates{}}}, and 
especially before rolling release candidates, but dependabot makes sense.

> Fail build if ossindex-maven-plugin violation is detected
> ---------------------------------------------------------
>
>                 Key: TIKA-3648
>                 URL: https://issues.apache.org/jira/browse/TIKA-3648
>             Project: Tika
>          Issue Type: Improvement
>          Components: build, security
>    Affects Versions: 2.2.1
>            Reporter: Lewis John McGibbney
>            Assignee: Lewis John McGibbney
>            Priority: Critical
>             Fix For: 2.2.2
>
>
> The ossindex-maven-plugin can really assist us in detecting and preventing 
> security vulnerabilities and also mitigating associated risk and exposure.
> I propose to fail the build if ossindex-maven-plugin violation is detected
> https://github.com/apache/tika/blob/main/tika-parent/pom.xml#L639



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (TIKA-3648) Fail build if ossindex-maven-plugin violation is detected

Reply via email to