mirror of https://github.com/apache/lucene.git
5ab59f59ac
- added 'owasp' task to the root project. This depends on dependencyCheckAggregate which seems to be a better fit for multi-module projects than dependencyCheckAnalyze (the difference is vague to me from plugin's documentation). - you can run the "gradlew owasp" task explicitly and it'll run the validation without any flags. - the owasp task is only added to check if validation.owasp property is true. I think this should stay as the default on non-CI systems (developer defaults) because it's a significant chunk of time it takes to download and validate dependencies. - I'm not sure *all* configurations should be included in the check... perhaps we should only limit ourselves to actual runtime dependencies not build dependencies, solr-ref-guide, etc. |
||
|---|---|---|
| .. | ||
| ant.txt | ||
| dependencies.txt | ||
| forbiddenApis.txt | ||
| git.txt | ||
| localSettings.txt | ||
| tests.txt | ||
| workflow.txt | ||