risdenk commented on a change in pull request #1121: SOLR-11207: Add OWASP dependency checker to gradle build URL: https://github.com/apache/lucene-solr/pull/1121#discussion_r361818500
########## File path: gradle/validation/dependency-check.gradle ########## @@ -0,0 +1,12 @@ +// This adds OWASP vulnerability validation of project dependencies + +// This should be false only for debugging. +def failOnError = true + +dependencyCheck { + autoUpdate=false Review comment: Why not `autoUpdate=true`? I think this is for auto updating the definitions. From https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration.html ``` Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. ``` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org