[ https://issues.apache.org/jira/browse/OFBIZ-7930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15399276#comment-15399276 ]
Jacques Le Roux commented on OFBIZ-7930:
----------------------------------------
I tried the OWASP depend. check plugin. It's very easy and works well. But the
result needs a lot of entries in the OWASP depend. check suppress file (not
sure if it exists and how it is used yet, maybe this
https://github.com/danielsomerfield/gradle-cve-dependency-check I have to try).
For instance we don't care about the Eclipse jars, etc.
Next week, not a priority...
> Copy external jars in OFBiz $buildDir/externalJars for (at least) dependency
> check
> ----------------------------------------------------------------------------------
>
> Key: OFBIZ-7930
> URL: https://issues.apache.org/jira/browse/OFBIZ-7930
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>
> As I warned at
> https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
> it's currently difficult to separate the OFBiz jars from other jars in
> .gradle\caches, which may contain jars unrelated to OFBiz. Notably
> Eclipse jars if you use the Gradle Eclipse task, and more if you use Gradle
> for reasons other than OFBiz.
> I have not yet found a way to avoid having all external jars in .gradle\caches
> and I wonder if it's even possible. What I would like to have is the external
> jars mandatory for OFBiz to work in an isolated place. For instance a sub
> folder of the main Gradle build folder. I picked $buildDir/externalJars.