GitHub user rzo1 commented on the issue:
https://github.com/apache/tomee/pull/276
Hey @jeanouii & @radcortez
thanks for the feedback - I can update this PR.
I would propose:
- (1) I will add a profile `owasp-report` to generate the aggregated HTML
report, which can be triggered manually as it takes a long time
- (2) I will add a profile `owasp-check`, which does not generate HTML
reports (which will speed up this process) and which will **fail** the build
for CVEs greater than a specific value. This profile can then be added on the CI
system (build bot), which may support caching the OWASP CVE files (so we will
get a speed boost).
What do you think?
---
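For readers following the proposal above, this is one way the two profiles could look with the OWASP `dependency-check-maven` plugin. It is an added example, not the configuration from the pull request or from TomEE; the `dependency-check.version` and `owasp.failOnCvss` properties, the threshold of 7 and the choice of JSON output are assumptions.

```xml
<!-- Added illustration; not the PR's actual pom.xml changes. -->
<profiles>
  <!-- (1) Manual profile: aggregated HTML report across all modules (slow). -->
  <profile>
    <id>owasp-report</id>
    <build>
      <plugins>
        <plugin>
          <groupId>org.owasp</groupId>
          <artifactId>dependency-check-maven</artifactId>
          <!-- Assumption: define this property with the plugin version you use. -->
          <version>${dependency-check.version}</version>
          <configuration>
            <format>HTML</format>
          </configuration>
          <executions>
            <execution>
              <goals><goal>aggregate</goal></goals>
            </execution>
          </executions>
        </plugin>
      </plugins>
    </build>
  </profile>
  <!-- (2) CI profile: no HTML output, break the build on a CVSS threshold. -->
  <profile>
    <id>owasp-check</id>
    <properties>
      <!-- Constructed value; the comment only says "a specific value". -->
      <owasp.failOnCvss>7</owasp.failOnCvss>
    </properties>
    <build>
      <plugins>
        <plugin>
          <groupId>org.owasp</groupId>
          <artifactId>dependency-check-maven</artifactId>
          <version>${dependency-check.version}</version>
          <configuration>
            <!-- Machine-readable output instead of the HTML report. -->
            <format>JSON</format>
            <!-- Fail when any finding has a CVSS score at or above this value. -->
            <failBuildOnCVSS>${owasp.failOnCvss}</failBuildOnCVSS>
          </configuration>
          <executions>
            <execution>
              <goals><goal>aggregate</goal></goals>
            </execution>
          </executions>
        </plugin>
      </plugins>
    </build>
  </profile>
</profiles>
```

Both goals bind to the `verify` phase by default, so `mvn verify -Powasp-report` produces the report and `mvn verify -Powasp-check` gates the build.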