[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16782646#comment-16782646 ]
Jacques Le Roux commented on OFBIZ-10700:
-----------------------------------------
Actually let's think about it. I added the OWASP Dependency Check feature before we switched to Gradle. It was then really useful, but it's now disputable as explained at [https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check]:
{quote}Since OFBiz uses Gradle, all dependent libraries (i.e. also dependencies from the libraries OFBiz uses and recursively) are loaded by Gradle and analysed by the OWASP Dependency Check plugin. So it's materially impossible to check all the possible vulnerabilities. I decided to only check the higher ones, currently (2017-09-29) we have only already known ones:
{quote}
So one option would be to completely remove this feature. What do you think, should we not discuss that on the dev ML?
> Use the Gradle Plugin DSL
> -------------------------
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Mathieu Lirzin
> Assignee: Mathieu Lirzin
> Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more details.