[GitHub] [lucene-solr] risdenk commented on a change in pull request #1121: SOLR-11207: Add OWASP dependency checker to gradle build

GitBox Sat, 28 Dec 2019 15:29:29 -0800

risdenk commented on a change in pull request #1121: SOLR-11207: Add OWASP 
dependency checker to gradle build
URL: https://github.com/apache/lucene-solr/pull/1121#discussion_r361818500


 ##########
 File path: gradle/validation/dependency-check.gradle
 ##########
 @@ -0,0 +1,12 @@
+// This adds OWASP vulnerability validation of project dependencies
+
+// This should be false only for debugging.
+def failOnError = true
+
+dependencyCheck {
+  autoUpdate=false
 
 Review comment:
   Why not `autoUpdate=true`? I think this is for auto updating the definitions.
   
   From 
https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration.html
   
   ```
   Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not 
recommended that this be turned to false.
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

[GitHub] [lucene-solr] risdenk commented on a change in pull request #1121: SOLR-11207: Add OWASP dependency checker to gradle build

Reply via email to