www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tilman Hausherr <THaush...@t-online.de>
Subject Re: OWAS Dependency Check
Date Wed, 18 Oct 2017 15:57:41 GMT
Am 18.10.2017 um 15:32 schrieb Lukasz Lenart:
> 2017-10-13 17:46 GMT+02:00 Tilman Hausherr <THausherr@t-online.de>:
>> We use it for PDFBox in all builds as a maven plugin. The current version
>> 2.1.1 is over-sensitive compared to 2.1.0. The developer told me that this
>> will be fixed in 3.0.
> Do you fail a build when the plugin finds something?

Yes:

                     <plugin>
                         <groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
                         <version>2.1.0</version>
                         <configuration>
<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
                         </configuration>
                         <executions>
                             <execution>
                                 <goals>
                                     <goal>check</goal>
                                 </goals>
                             </execution>
                         </executions>
                     </plugin>

Tilman


Mime
View raw message