[
https://issues.apache.org/jira/browse/OFBIZ-7930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15399276#comment-15399276 ]
Jacques Le Roux commented on OFBIZ-7930:
----------------------------------------
I tried the owasp depend. check plugin. It's very easy and works well. But the result needs a lot of entries in the owasp depend. check suppress file (not sure if it exists and how it used yet, maybe this
https://github.com/danielsomerfield/gradle-cve-dependency-check I have to try)
For instance we don't care about the eclipse jars, etc.
Next week, not a priority...
> Copy external jars in OFBiz $buildDir/externalJars for (at least) dependency check
> ----------------------------------------------------------------------------------
>
> Key: OFBIZ-7930
> URL:
https://issues.apache.org/jira/browse/OFBIZ-7930> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>
> As I warned at
https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check it's currently difficult to separate the OFBiz jars from other jars in the .gradle\caches contains which may contain jars unrelated to OFBiz. Notably Eclipse jars if you use the Gradle Eclipse task and more if you use Gradle for other reasons than OFBiz.
> I did not find yet a way to avoid to have all external jars in .gradle\caches and I wonder if it's even possible. What I would like to have is the external jars mandatory for OFBiz to work in an isolated place. For instance a sub folder of the main Gradle build folder. I picked $buildDir/externalJars.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)