[ https://issues.apache.org/jira/browse/OFBIZ-7783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15407544#comment-15407544 ]
Jacques Le Roux commented on OFBIZ-7783:
----------------------------------------
Yes it's a different problem, because basically I want to check the vulnerability of all the libs used.
As I said at https://issues.apache.org/jira/browse/OFBIZ-7930?focusedCommentId=15398908&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15398908 I was inspired by your solution but needed all the libs (not only runtime libs as in your case). Finally using the OWASP dependency check plugin is a far better solution for "my" problem and is still a WIP at OFBIZ-7930.
I personally see no problems adding the copyToLib task OOTB and would happily commit it if nobody disagrees. Of course this task is a server (i.e. QA, UAT, production) environment task, so would be rather
{code}
task copyToLib(group: ofbizServer, type: Copy, description: 'Copy runtime libs in a QA, UAT or production environment') {
    into "$rootDir/lib"
    from configurations.runtime
}
{code}
Also maybe more would be needed to provide a ready-made complete copy for these environments. Like removing .gradle, gradle, build, etc. folders. Then also moving ofbiz.jar from build\libs (before dropping it ;))...in root for instance... But then your solution for OFBIZ-7796 would need to be modified. So maybe better to keep the useless baggage. Actually I think all that is trivial when you are at a QA, UAT or production stage and may depend on servers' policies. Still copyToLib makes sense.
> External library files are not in the OFBiz folder structure.
> -------------------------------------------------------------
>
> Key: OFBIZ-7783
> URL: https://issues.apache.org/jira/browse/OFBIZ-7783
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL COMPONENTS
> Reporter: Pierre Smits
> Assignee: Jacques Le Roux
> Priority: Blocker
>
> With the implementation of the external library download feature of gradle/gradlew, the external libraries (jar files) are not in the folder structure any more.
> They should reside there, like before.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)