5 Commits

Author SHA1 Message Date
Robert Muir 975df9ddd3 LUCENE-9182: add apache license headers to all .gradle files and enforce in rat task
2020-01-27 12:05:34 -05:00
Jan Høydahl 39df74de37 SOLR-11207: Exclude configuration 'unifiedClasspath'
It is generated by consistent-versions plugin and triggers owasp warnings for deps even for excluded projects
2020-01-27 12:17:31 +01:00
Jan Høydahl 9ddd05cd14 SOLR-11207: Exclude solr-ref-guide from owasp check
It picked up log4j1 dependency only used during build
2020-01-27 09:55:12 +01:00
Dawid Weiss 5ab59f59ac SOLR-11207: minor changes:
- added 'owasp' task to the root project. This depends on
dependencyCheckAggregate which seems to be a better fit for multi-module
projects than dependencyCheckAnalyze (the difference is vague to me
from plugin's documentation).

- you can run the "gradlew owasp" task explicitly and it'll run the
validation without any flags.

- the owasp task is only added to check if validation.owasp property
is true. I think this should stay as the default on non-CI systems
(developer defaults) because it's a significant chunk of time it takes
to download and validate dependencies.

- I'm not sure *all* configurations should be included in the check...
perhaps we should only limit ourselves to actual runtime dependencies
 not build dependencies, solr-ref-guide, etc.
2020-01-26 10:45:05 +01:00
Jan Høydahl 74a8d6d5ac SOLR-11207: Add OWASP dependency checker to gradle build (#1121)
* SOLR-11207: Add OWASP dependency checker to gradle build
2020-01-26 10:01:51 +01:00