On 18.10.2017 at 15:32, Lukasz Lenart wrote:
> 2017-10-13 17:46 GMT+02:00 Tilman Hausherr <thaush...@t-online.de>:
>> We use it for PDFBox in all builds as a maven plugin. The current version
>> 2.1.1 is over-sensitive compared to 2.1.0. The developer told me that this
>> will be fixed in 3.0.
>
> Do you fail a build when the plugin finds something?

Yes:

<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>2.1.0</version>
  <configuration>
    <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
  </configuration>
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>

Tilman