www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacques Le Roux <jacques.le.r...@les7arts.com>
Subject Re: OWASP dependency-check 2.1.1
Date Mon, 25 Sep 2017 18:08:55 GMT
Same here, was usable before using the Gradle plugin. I was then using the cmd line and adding
excludes.

With Gradle it's impossible, too much (false) dependencies loaded. Having all the dependencies
is though useful while debugging, you have all the 
source...

Jacques


Le 25/09/2017 à 19:45, Brian Demers a écrit :
> Every time I use that plugin I end up with a bunch of false positive
> excludes (I haven't switched to 2.x yet)
>
> On Mon, Sep 25, 2017 at 12:23 PM, Tilman Hausherr <THausherr@t-online.de>
> wrote:
>
>> If anybody is using OWASP dependency-check for their builds, the new
>> version 2.1.1 is over-sensitive compared to 2.1.0. I've opened an issue here
>>
>> https://github.com/jeremylong/DependencyCheck/issues/894
>>
>> Besides fontbox, it also reports javamail.
>>
>> Tilman
>>
>>


Mime
View raw message