mirror of https://github.com/apache/druid.git
Skip node dev dependency vulnerability scan (#9684)
Since they are not production dependencies, security vulnerabilities in the dev dependencies can be ignored.
This commit is contained in:
Chi Cao Minh
GitHub
parent
cbbfd63bed
commit
e6dd6a4119
5
pom.xml
5
pom.xml
|
|
@ -1525,12 +1525,15 @@
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.owasp</groupId>
|
<groupId>org.owasp</groupId>
|
||||||
<artifactId>dependency-check-maven</artifactId>
|
<artifactId>dependency-check-maven</artifactId>
|
||||||
<version>5.3.0</version>
|
<version>5.3.2</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<cveValidForHours>24</cveValidForHours>
|
<cveValidForHours>24</cveValidForHours>
|
||||||
<failBuildOnCVSS>7</failBuildOnCVSS>
|
<failBuildOnCVSS>7</failBuildOnCVSS>
|
||||||
<skipProvidedScope>true</skipProvidedScope>
|
<skipProvidedScope>true</skipProvidedScope>
|
||||||
<skipSystemScope>true</skipSystemScope> <!-- avoid error when processing jdk.tools:jdk.tools:jar:1.8:system -->
|
<skipSystemScope>true</skipSystemScope> <!-- avoid error when processing jdk.tools:jdk.tools:jar:1.8:system -->
|
||||||
|
<!-- For node analysis info, see https://github.com/jeremylong/DependencyCheck/issues/2482#issuecomment-603755623 -->
|
||||||
|
<nodeAnalyzerEnabled>false</nodeAnalyzerEnabled> <!-- plugin author (jeremylong) recommends to disable, since this analyzer is retired -->
|
||||||
|
<nodeAuditSkipDevDependencies>true</nodeAuditSkipDevDependencies>
|
||||||
<suppressionFile>owasp-dependency-check-suppressions.xml</suppressionFile>
|
<suppressionFile>owasp-dependency-check-suppressions.xml</suppressionFile>
|
||||||
</configuration>
|
</configuration>
|
||||||
<executions>
|
<executions>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue