[jira] [Comment Edited] (OFBIZ-7930) Load the OWASP dependency checker Gradle plugin efficiently

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Comment Edited] (OFBIZ-7930) Load the OWASP dependency checker Gradle plugin efficiently

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-7930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15464106#comment-15464106 ]

Taher Alkhateeb edited comment on OFBIZ-7930 at 9/5/16 5:06 AM:
----------------------------------------------------------------

Hi Jacques. In order to test things I am attaching my work for your review.

Essentially, you just have to pass a flag to enable the plugin. The dependencies for OWASP will only download if you pass the flag, otherwise it will not recognize any OWASP tasks.

To test it, run an OWASP task from the command line: e.g.
{code}
./gradlew -PenableOwasp dependencyCheck
{code}


was (Author: taher):
Hi Jacques. In order to test things I am attaching my work for your review.

Essentially, you just have to pass a flag to enable the plugin. The dependencies for OWASP will only download if you pass the flag, otherwise it will not recognize any OWASP tasks.

To test it, run an OWASP task from the command line: e.g.
{code:bash}
./gradlew -PenableOwasp dependencyCheck
{code}

> Load the OWASP dependency checker Gradle plugin efficiently
> -----------------------------------------------------------
>
>                 Key: OFBIZ-7930
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7930
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>         Attachments: OFBIZ-7534.patch
>
>
> As I warned at https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check it's currently difficult to separate the OFBiz jars from other jars in the .gradle\caches contains which may contain jars unrelated to OFBiz. Notably Eclipse jars if you use the Gradle Eclipse task and more if you use Gradle for other reasons than OFBiz.
> I did not find yet a way to avoid to have all external jars in .gradle\caches and I wonder if it's even possible. What I would like to have is the external jars mandatory for OFBiz to work in an isolated place. For instance a sub folder of the main Gradle build folder. I picked $buildDir/externalJars.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)