[jira] [Comment Edited] (OFBIZ-7930) Copy external jars in OFBiz $buildDir/externalJars for (at least) dependency check

Fri, 29 Jul 2016 04:01:52 -0700 

    [ 
https://issues.apache.org/jira/browse/OFBIZ-7930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15399138#comment-15399138
 ] 

Taher Alkhateeb edited comment on OFBIZ-7930 at 7/29/16 11:01 AM:
------------------------------------------------------------------

Yeah I am struggling to understand the purpose exactly so appreciate your help 
in clarifying it a bit. So If my understanding is correct, you are worried 
about having unwanted jars which could pose a security threat to the system 
right?

If that is the case, why not immediately use the owasp plugin from gradle? 
https://plugins.gradle.org/plugin/org.owasp.dependencycheck


was (Author: taher):
Yeah I am struggling to understand the purpose exactly so appreciate your help 
in clarifying it a bit. So If my understanding is correct, you are worried 
about having unwanted jars which could pose a security threat to the system 
right?

If that is the case, why not use immediately use the owasp plugin from gradle? 
https://plugins.gradle.org/plugin/org.owasp.dependencycheck

> Copy external jars in OFBiz $buildDir/externalJars for (at least) dependency 
> check
> ----------------------------------------------------------------------------------
>
>                 Key: OFBIZ-7930
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7930
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>             Fix For: Upcoming Branch
>
>
> As I warned at 
> https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
>  it's currently difficult to separate the OFBiz jars from other jars in the 
> .gradle\caches contains which may contain jars unrelated to OFBiz. Notably 
> Eclipse jars if you use the Gradle Eclipse task and more if you use Gradle 
> for other reasons than OFBiz.
> I did not find yet a way to avoid to have all external jars in .gradle\caches 
> and I wonder if it's even possible. What I would like to have is the external 
> jars mandatory for OFBiz to work in an isolated place. For instance a sub 
> folder of the main Gradle build folder. I picked $buildDir/externalJars.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to