ctubbsii commented on issue #1046: Please add OWASP Dependency Check to the build (pom.xml)
URL: https://github.com/apache/fluo/issues/1046#issuecomment-413709535

Hmm, I'm not sure there's much to do here. I looked into it, and the OWASP plugin can be executed with a simple:

`mvn org.owasp:dependency-check-maven:3.3.1:check`

The only way to add it to the POM would be to create a profile which executed it by default, but activating the profile isn't much different than calling the plugin directly... and you have to keep the plugin up-to-date, which I'm not sure is any cleaner than just calling the plugin directly.

We wouldn't want it running by default in the POM, because it's expensive to run and only needs to be run periodically.

What do others think? What's the best way to "add" it to the POM?
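For reference, the profile option discussed in the comment above could look like the following. This is an added example, not part of the original comment or the Fluo POM; the profile id `owasp-check` and the binding to the `verify` phase are assumptions, and the plugin version is the one quoted in the comment.

```xml
<!-- Added example: opt-in profile, inactive unless selected with -P. -->
<profiles>
  <profile>
    <!-- Hypothetical profile id chosen for this example. -->
    <id>owasp-check</id>
    <build>
      <plugins>
        <plugin>
          <groupId>org.owasp</groupId>
          <artifactId>dependency-check-maven</artifactId>
          <!-- Pinned version from the comment; it must be bumped by hand,
               which is the maintenance cost the comment points out. -->
          <version>3.3.1</version>
          <executions>
            <execution>
              <!-- Assumed phase binding: run the scan during verify. -->
              <phase>verify</phase>
              <goals>
                <goal>check</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
      </plugins>
    </build>
  </profile>
</profiles>
```

Because the profile is not active by default, ordinary builds skip the expensive scan; a periodic job would run `mvn -Powasp-check verify` to trigger it.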