[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16782712#comment-16782712 ]

Jacques Le Roux commented on OFBIZ-10700:
-----------------------------------------

It works here with [^OWASP-failure.patch] applied.


{noformat}
C:\projectsASF\ofbiz>gradlew -PenableOwasp dependencyCheckAnalyze

> Task :dependencyCheckAnalyze
Verifying dependencies for project ofbiz
Checking for updates and analyzing vulnerabilities for dependencies
A new version of dependency-check is available. Consider updating to version 
5.0.0.m1.

Unable to download pom.xml for 
org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar from 
Central; this could result in undetected CPE/CVEs.
Unable to download pom.xml for org.apache.batik.transcoder-1.6.0.jar from 
Central; this could result in undetected CPE/CVEs.
Unable to download pom.xml for org.apache.batik.xml-1.6.0.jar from Central; 
this could result in undetected CPE/CVEs.
Unable to download pom.xml for org.apache.xerces-2.9.0.jar from Central; this 
could result in undetected CPE/CVEs.
Unable to download pom.xml for 
org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar from Central; 
this could result in undetected CPE/CVEs.
Unable to download pom.xml for Tidy-1.jar from Central; this could result in 
undetected CPE/CVEs.
Unable to download pom.xml for org.w3c.css.sac-1.3.0.jar from Central; this 
could result in undetected CPE/CVEs.
Unable to download pom.xml for 
org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar 
from Central; this could result in undetected CPE/CVEs.
Unable to download pom.xml for org.apache.commons.codec-1.3.0.jar from Central; 
this could result in undetected CPE/CVEs.
Unable to download pom.xml for aspectjrt-1.5.3.jar from Central; this could 
result in undetected CPE/CVEs.
Unable to download pom.xml for antlr-2.7.6.jar from Central; this could result 
in undetected CPE/CVEs.

> Task :dependencyCheckAnalyze
Generating report for project ofbiz
Found 498 vulnerabilities in project ofbiz


One or more dependencies were identified with known vulnerabilities:

asciidoctorj-1.5.7.jar (cpe:/a:jruby:jruby:1.5.7, 
org.asciidoctor:asciidoctorj:1.5.7) : CVE-2011-4838, CVE-2012-5370
[...]
{noformat}


> Use the Gradle Plugin DSL
> -------------------------
>
>                 Key: OFBIZ-10700
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10700
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Mathieu Lirzin
>            Assignee: Mathieu Lirzin
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>         Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch, 
> OWASP-failure.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method.  See 
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more 
> details.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
