[GitHub] [lucene-solr] janhoy commented on a change in pull request #1121: SOLR-11207: Add OWASP dependency checker to gradle build
janhoy commented on a change in pull request #1121: SOLR-11207: Add OWASP
dependency checker to gradle build
URL: https://github.com/apache/lucene-solr/pull/1121#discussion_r370888355
##
File path: gradle/validation/dependency-check.gradle
##
@@ -0,0 +1,14 @@
+// This adds OWASP vulnerability validation of project dependencies
+// Not part of 'check' task by default, must be called explicitly, e.g.
gradlew dependencyCheckAnalyze
+// Start build with -Pvalidation.owasp.fail=true to fail build on owasp errors
(CVSS >= 7)
+// Start build with -Pvalidation.owasp.skip=true to skip OWASP checks during
'check' phase
+
+dependencyCheck {
Review comment:
> Task 'dependencyCheckAnalyze' not found in project ':lucene:core'.
Will wrap it
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
-
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
[GitHub] [lucene-solr] janhoy commented on a change in pull request #1121: SOLR-11207: Add OWASP dependency checker to gradle build
janhoy commented on a change in pull request #1121: SOLR-11207: Add OWASP
dependency checker to gradle build
URL: https://github.com/apache/lucene-solr/pull/1121#discussion_r370276649
##
File path: gradle/validation/dependency-check.gradle
##
@@ -0,0 +1,14 @@
+// This adds OWASP vulnerability validation of project dependencies
+// Not part of 'check' task by default, must be called explicitly, e.g.
gradlew dependencyCheckAnalyze
+// Start build with -Pvalidation.owasp.fail=true to fail build on owasp errors
(CVSS >= 7)
+// Start build with -Pvalidation.owasp.skip=true to skip OWASP checks during
'check' phase
+
+dependencyCheck {
Review comment:
I don’t know. Have not tested other than root.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
-
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
[GitHub] [lucene-solr] janhoy commented on a change in pull request #1121: SOLR-11207: Add OWASP dependency checker to gradle build
janhoy commented on a change in pull request #1121: SOLR-11207: Add OWASP dependency checker to gradle build URL: https://github.com/apache/lucene-solr/pull/1121#discussion_r369871709 ## File path: gradle/validation/dependency-check.gradle ## @@ -0,0 +1,12 @@ +// This adds OWASP vulnerability validation of project dependencies + +// This should be false only for debugging. +def failOnError = true Review comment: It is now configurable with -Pvalidation.owasp.fail=true (default not fail) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
