[ 
https://issues.apache.org/jira/browse/NUTCH-2840?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17263600#comment-17263600
 ] 

ASF GitHub Bot commented on NUTCH-2840:
---------------------------------------

lewismc commented on a change in pull request #561:
URL: https://github.com/apache/nutch/pull/561#discussion_r556001913



##########
File path: build.xml
##########
@@ -639,24 +641,38 @@
   </target>
 
   <!-- Check dependencies for security vulnerabilities                         
           -->
-  <!-- requires installation of OWASP dependency check tool, see               
           -->
-  <!--   
https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html    
 -->
-  <!-- get 
http://dl.bintray.com/jeremy-long/owasp/dependency-check-ant-3.3.2-release.zip 
-->
-  <!-- and unzip in directory ./ivy/                                           
           -->
-  <path id="dependency-check.path">
-    <pathelement location="${dependency-check.home}/dependency-check-ant.jar"/>
-    <fileset dir="${dependency-check.home}/lib" erroronmissingdir="false">
+  <target name="dependency-check-ant-download" description="--> download 
dependency-check-ant jar">
+    <available file="${dependency-check-ant.jar}" 
property="dependency-check-ant.jar.found"/>
+    <antcall target="dependency-check-ant-download-unchecked"/>
+  </target>
+
+  <target name="dependency-check-ant-download-unchecked" 
unless="dependency-check-ant.jar.found"
+          description="--> downloads the dependency-check-ant binary 
(dependency-check-ant-*.zip).">
+    <get 
src="https://github.com/jeremylong/DependencyCheck/releases/download/v${dependency-check-ant.version}/dependency-check-ant-${dependency-check-ant.version}-release.zip";
+         
dest="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
 usetimestamp="false" />
+
+    <unzip 
src="${dependency-check-ant.home}/dependency-check-ant-${dependency-check-ant.version}-release.zip"

Review comment:
       Good catch. Thank you




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Fix 'report-vulnerabilities' ant target in build.xml
> ----------------------------------------------------
>
>                 Key: NUTCH-2840
>                 URL: https://issues.apache.org/jira/browse/NUTCH-2840
>             Project: Nutch
>          Issue Type: Improvement
>          Components: build
>    Affects Versions: 1.18
>            Reporter: Lewis John McGibbney
>            Assignee: Lewis John McGibbney
>            Priority: Critical
>             Fix For: 1.18
>
>
> I recently noticed (FOR THE FIRST TIME) the *report-vulnerabilities* target 
> in build.xml
> When I invoked it, it was broken so I decided to fix it.
> PR coming up.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to