https://bz.apache.org/bugzilla/show_bug.cgi?id=62582

--- Comment #1 from Christopher Schultz <ch...@christopherschultz.net> ---
FWIW, I use this tool for our builds. It has one unfortunate requirement:
periodic downloads of every CVE ever filed. Ever. And it doesn't bother retaining
the CVE databases from previous years which are very unlikely to change. So,
roughly weekly, the entire database is wiped out and re-downloaded. It makes
that first weekly build take something like 20 minutes instead of the usual 30
seconds.

It would be easy to add this to the build, but it would require:

0. Approval of the license (it's CC-SA-3, so I think no problem)
1. An additional download (not really a problem)
2. An invocation of the scanner at some point during the build

I think #2 should be optional, and default to FALSE.

Comments?
