Author: jleroux
Date: Thu Nov 16 10:51:37 2017
New Revision: 1815437
URL: http://svn.apache.org/viewvc?rev=1815437&view=rev
Log:
No functional change, updates dependency-check plugin
Also adds more information in README.txt in tools and updates the report used
in wiki. BTW the report seems more interesting, fewer false positives but still
a lot (due to how Gradle handles dependencies)
Modified:
ofbiz/ofbiz-framework/trunk/build.gradle
ofbiz/tools/security/dependency-check/README.txt
ofbiz/tools/security/dependency-check/dependency-check-report.html
Modified: ofbiz/ofbiz-framework/trunk/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1815437&r1=1815436&r2=1815437&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/build.gradle (original)
+++ ofbiz/ofbiz-framework/trunk/build.gradle Thu Nov 16 10:51:37 2017
@@ -294,7 +294,7 @@ buildscript {
}
}
dependencies {
- classpath 'org.owasp:dependency-check-gradle:2.1.1'
+ classpath 'org.owasp:dependency-check-gradle:3.0.2'
}
}
}
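Review bot: the classpath line moves org.owasp:dependency-check-gradle from 2.1.1 to 3.0.2, a major-version jump, yet the log calls this "No functional change" while also saying the report's findings differ. Suggest stating that the change is limited to the build tooling and recording the plugin version alongside the checked-in dependency-check-report.html, so anyone comparing reports later knows which analyzer release produced which findings. This hunk shows only the buildscript classpath; if build.gradle configures the plugin elsewhere, confirm those settings are still accepted by 3.x before relying on the new report.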
Modified: ofbiz/tools/security/dependency-check/README.txt
URL: http://svn.apache.org/viewvc/ofbiz/tools/security/dependency-check/README.txt?rev=1815437&r1=1815436&r2=1815437&view=diff
==============================================================================
--- ofbiz/tools/security/dependency-check/README.txt (original)
+++ ofbiz/tools/security/dependency-check/README.txt Thu Nov 16 10:51:37 2017
@@ -3,4 +3,10 @@ It uses the Gradle dependency check grad
https://plugins.gradle.org/plugin/dependency.check
In any cases be sure to check
-
https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check\ No newline at end of file
+
https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check+
+The Gradle command is
+ gradlew -PenableOwasp dependencyCheckAnalyze
+
+The task takes time to complete, and once done, a report will be generated in
+$OFBIZ_HOME/build/reports/dependency-check-report.html
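Review bot: the added command "gradlew -PenableOwasp dependencyCheckAnalyze" does not say where to run it from, and on Unix-like shells the wrapper is normally invoked as "./gradlew" from the framework root; suggest spelling that out, since this README lives under ofbiz/tools and not next to build.gradle. The README also points to $OFBIZ_HOME/build/reports/dependency-check-report.html while the copy updated in this commit is ofbiz/tools/security/dependency-check/dependency-check-report.html, so one sentence on copying the generated report there would make the refresh procedure repeatable. As rendered here the wiki URL in the added lines ends in "Check+"; please verify the link in the committed file still resolves. Minor: the unchanged context line "In any cases be sure to check" should read "In any case".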