Hi Rob,

Yes, please prepare a PR and I'll review. If you could add an empty file as well so that we can easily add false positives, that would be great.

Colm.

On Sat, Feb 12, 2022 at 11:10 PM Rob Leland <the.rob.lel...@gmail.com> wrote:
>
> I noticed that the WSS4J build mainly uses the OWASP dependency-check-plugin
> for generating a report, but those are easy to forget to review.
> Similar to the PMD and Checkstyle enforcement would it be useful to add a
> maven profile to fail the build if there is a CVE/CVSS score above a certain
> level?
>
> This could be enforced just for releases, snapshots or both.
>
> I'll be happy to prepare a PR.
>
> -Rob
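
The kind of profile discussed in this thread, as an added example that is not part of either message and not the WSS4J build or the eventual PR. The profile id `cve-gate`, the threshold of 7, the suppression file name and the `dependency-check.version` property are assumptions chosen for illustration.

```xml
<!-- Added illustration for a pom.xml <profiles> section.
     Assumed names: profile id, threshold, file path, version property. -->
<profile>
  <id>cve-gate</id>
  <build>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <!-- assumed to be defined in the parent <properties> -->
        <version>${dependency-check.version}</version>
        <configuration>
          <!-- The plugin default is 11, above the CVSS maximum of 10,
               so without this setting the build only produces a report.
               Any finding scored at or above this value fails the build. -->
          <failBuildOnCVSS>7</failBuildOnCVSS>
          <!-- Reviewed false positives are recorded here. The file starts
               out as a bare <suppressions> root element with no <suppress>
               children, so entries can be added without touching the pom. -->
          <suppressionFiles>
            <suppressionFile>${project.basedir}/dependency-check-suppressions.xml</suppressionFile>
          </suppressionFiles>
        </configuration>
        <executions>
          <execution>
            <goals>
              <!-- check analyses dependencies and applies the threshold -->
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</profile>
```

Activating the profile only for release builds or on every build (`mvn verify -Pcve-gate`) covers the "releases, snapshots or both" choice raised in the original message.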