svn commit: r1815437 [1/2] - in /ofbiz: ofbiz-framework/trunk/build.gradle tools/security/dependency-check/README.txt tools/security/dependency-check/dependency-check-report.html


jleroux@apache.org
Author: jleroux
Date: Thu Nov 16 10:51:37 2017
New Revision: 1815437

URL: http://svn.apache.org/viewvc?rev=1815437&view=rev
Log:
No functional change, updates dependency-check plugin

Also adds more information in README.txt in tools and updates the report used
in wiki. BTW the report seems more interesting, fewer false positives but still
a lot (due to how Gradle handles dependencies)

Modified:
    ofbiz/ofbiz-framework/trunk/build.gradle
    ofbiz/tools/security/dependency-check/README.txt
    ofbiz/tools/security/dependency-check/dependency-check-report.html

Modified: ofbiz/ofbiz-framework/trunk/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1815437&r1=1815436&r2=1815437&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/build.gradle (original)
+++ ofbiz/ofbiz-framework/trunk/build.gradle Thu Nov 16 10:51:37 2017
@@ -294,7 +294,7 @@ buildscript {
             }
         }
         dependencies {
-            classpath 'org.owasp:dependency-check-gradle:2.1.1'
+            classpath 'org.owasp:dependency-check-gradle:3.0.2'
         }
     }
 }
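
Review bot: The jump from 2.1.1 to 3.0.2 on the classpath line is a major-version upgrade of the scanner, so "no functional change" holds for OFBiz itself but not for the scan output, as the log's own remark about false positives shows. Consider recording in README.txt which plugin version produced the committed dependency-check-report.html, so that later reports are compared against the right baseline.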

Modified: ofbiz/tools/security/dependency-check/README.txt
URL: http://svn.apache.org/viewvc/ofbiz/tools/security/dependency-check/README.txt?rev=1815437&r1=1815436&r2=1815437&view=diff
==============================================================================
--- ofbiz/tools/security/dependency-check/README.txt (original)
+++ ofbiz/tools/security/dependency-check/README.txt Thu Nov 16 10:51:37 2017
@@ -3,4 +3,10 @@ It uses the Gradle dependency check grad
     https://plugins.gradle.org/plugin/dependency.check
 
 In any cases be sure to check
-    https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
\ No newline at end of file
+    https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
+
+The Gradle command is
+    gradlew -PenableOwasp dependencyCheckAnalyze
+
+The task takes time to complete, and once done, a report will be generated in
+$OFBIZ_HOME/build/reports/dependency-check-report.html
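
Review bot: The added command line "gradlew -PenableOwasp dependencyCheckAnalyze" does not say where to run it. This README lives under ofbiz/tools/security/dependency-check/ while the build.gradle that loads the plugin is in ofbiz-framework/trunk, so state that the command is run from $OFBIZ_HOME, and say how the generated build/reports/dependency-check-report.html relates to the dependency-check-report.html kept next to this README. A short line on what the -PenableOwasp property switches on would also help a reader who has not opened build.gradle.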