Re: OWASP Dependency-Check

2018-08-06 Thread Emmanuel Lecharny
That might be useful for all the projects we are releasing. And I agree, it should be put in a separate profile (release, for sure, but also a dedicated profile, because it's a bit too late to run it when cutting a release...) On Mon, Aug 6, 2018 at 5:31 PM, Shawn McKinney wrote: > > > On Aug 6,

[GitHub] bdemers commented on issue #18: Move Jackson configuration into a Factory and Provider

2018-08-06 Thread GitBox
bdemers commented on issue #18: Move Jackson configuration into a Factory and Provider URL: https://github.com/apache/directory-scimple/pull/18#issuecomment-410863077 @smoyer64 this change should be backwards compatible with the previous. I looked into switching to jsonb, but that is a bi

[GitHub] bdemers closed pull request #14: HOLD: Makes Jackson/JAXB configuration more portable between containers

2018-08-06 Thread GitBox
bdemers closed pull request #14: HOLD: Makes Jackson/JAXB configuration more portable between containers URL: https://github.com/apache/directory-scimple/pull/14 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake o

[GitHub] bdemers commented on issue #14: HOLD: Makes Jackson/JAXB configuration more portable between containers

2018-08-06 Thread GitBox
bdemers commented on issue #14: HOLD: Makes Jackson/JAXB configuration more portable between containers URL: https://github.com/apache/directory-scimple/pull/14#issuecomment-410861309 _better_ implementation in #18 This is

[GitHub] bdemers opened a new pull request #18: Move Jackson configuration into a Factory and Provider

2018-08-06 Thread GitBox
bdemers opened a new pull request #18: Move Jackson configuration into a Factory and Provider URL: https://github.com/apache/directory-scimple/pull/18 Deprecates ObjectMapperContextResolver, to be replaced with portable ScimJacksonJaxbJsonProvider -

[GitHub] asfgit commented on issue #18: Move Jackson configuration into a Factory and Provider

2018-08-06 Thread GitBox
asfgit commented on issue #18: Move Jackson configuration into a Factory and Provider URL: https://github.com/apache/directory-scimple/pull/18#issuecomment-410860701 Can one of the admins verify this patch? This is an automat

[GitHub] bdemers commented on issue #16: Making SelfIdResolver optional

2018-08-06 Thread GitBox
bdemers commented on issue #16: Making SelfIdResolver optional URL: https://github.com/apache/directory-scimple/pull/16#issuecomment-410792851 @smoyer64 let me know if you have any other suggestions This is an automated me

Re: OWASP Dependency-Check

2018-08-06 Thread Shawn McKinney
> On Aug 6, 2018, at 10:10 AM, Brian Demers wrote: > > I’d suggest executing the plugin from a non-default profile. Then configure > that profile to run at release time and CI. That way local builds are still > fast by default. +1, run as part of the release process, like the rat plugin c

Re: OWASP Dependency-Check

2018-08-06 Thread Smith, Shawn Eion
You can do that, or just tell maven to skip those checks on your dev builds. From: Brian Demers Sent: Monday, August 6, 2018 11:10:30 AM To: Apache Directory Developers List Subject: Re: OWASP Dependency-Check I’d suggest executing the plugin from a non-default

Re: OWASP Dependency-Check

2018-08-06 Thread Brian Demers
I’d suggest executing the plugin from a non-default profile. Then configure that profile to run at release time and CI. That way local builds are still fast by default. -Brian > On Aug 6, 2018, at 10:42 AM, Smith, Shawn Eion wrote: > > That's where we have it. It slows down the build, but

Re: OWASP Dependency-Check

2018-08-06 Thread Smith, Shawn Eion
That's where we have it. It slows down the build, but it has caught a few CVE's that we have been able to correct, so probably worth it. From: Shawn McKinney Sent: Monday, August 6, 2018 10:37:50 AM To: Apache Directory Developers List Subject: Re: OWASP Depende

[GitHub] bdemers commented on a change in pull request #14: HOLD: Makes Jackson/JAXB configuration more portable between containers

2018-08-06 Thread GitBox
bdemers commented on a change in pull request #14: HOLD: Makes Jackson/JAXB configuration more portable between containers URL: https://github.com/apache/directory-scimple/pull/14#discussion_r207917905 ## File path: scim-server/scim-server-common/src/main/java/org/apache/directory

[GitHub] asfgit commented on issue #17: Add @Specializes to WebApplicationExceptionMapper to force priority over commons-jaxrs version

2018-08-06 Thread GitBox
asfgit commented on issue #17: Add @Specializes to WebApplicationExceptionMapper to force priority over commons-jaxrs version URL: https://github.com/apache/directory-scimple/pull/17#issuecomment-410732974 Can one of the admins verify this patch? ---

Re: OWASP Dependency-Check

2018-08-06 Thread Shawn McKinney
> On Aug 6, 2018, at 8:20 AM, Smith, Shawn Eion wrote: > > We have it in the Scimple pom if you're looking for an example to play with. > Thanks, that is very helpful. I'm wondering if this should be part of the project pom. WDYT?

Re: OWASP Dependency-Check

2018-08-06 Thread Smith, Shawn Eion
We have it in the Scimple pom if you're looking for an example to play with. From: Shawn McKinney Sent: Monday, August 6, 2018 8:38:22 AM To: Apache Directory Developers List Subject: OWASP Dependency-Check Hello, A new ticket was created, asking us to add OWASP

OWASP Dependency-Check

2018-08-06 Thread Shawn McKinney
Hello, A new ticket was created, asking us to add OWASP dependency scanning of known vulnerabilities. https://issues.apache.org/jira/browse/FC-240 Which points to the OWASP page describing the tool: https://www.owasp.org/index.php/OWASP_Dependency_Check I am going to investigate usage in fo

[jira] [Assigned] (FC-240) Please add OWASP Dependency Check to the build (pom.xml)

2018-08-06 Thread Shawn McKinney (JIRA)
[ https://issues.apache.org/jira/browse/FC-240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shawn McKinney reassigned FC-240: - Assignee: Shawn McKinney > Please add OWASP Dependency Check to the build (pom.xml) > --