That might be useful for all the project we are releasing.
And I agree, it should be put in a separate profile (release, for sure, but
also a dedicated profile, becuase it's a bit too late to run it when
cutting a release...)
On Mon, Aug 6, 2018 at 5:31 PM, Shawn McKinney wrote:
>
> > On Aug 6,
> On Aug 6, 2018, at 10:10 AM, Brian Demers wrote:
>
> I’d suggest executing the plunging from a non-default profile. The configure
> that profile to run at release time and CI. That way local builds are still
> fast by default.
+1, run as part of the release process, like the rat plugin c
You can do that, or just tell maven to skip those checks on your dev builds.
From: Brian Demers
Sent: Monday, August 6, 2018 11:10:30 AM
To: Apache Directory Developers List
Subject: Re: OWASP Dependency-Check
I’d suggest executing the plunging from a non
down the build, but it has caught a few
> CVE's that we have been able to correct, so probably worth it.
> From: Shawn McKinney
> Sent: Monday, August 6, 2018 10:37:50 AM
> To: Apache Directory Developers List
> Subject: Re: OWASP Dependency-Check
>
>
> > On Aug
That's where we have it. It slows down the build, but it has caught a few
CVE's that we have been able to correct, so probably worth it.
From: Shawn McKinney
Sent: Monday, August 6, 2018 10:37:50 AM
To: Apache Directory Developers List
Subject:
> On Aug 6, 2018, at 8:20 AM, Smith, Shawn Eion wrote:
>
> We have it in the Scimple pom if you're looking for an example to play with.
>
Thanks, that is very helpful. I wondering if this should be part of the
project pom.WDYT?
We have it in the Scimple pom if you're looking for an example to play with.
From: Shawn McKinney
Sent: Monday, August 6, 2018 8:38:22 AM
To: Apache Directory Developers List
Subject: OWASP Dependency-Check
Hello,
A new ticket was created, asking us to add OWASP
