mirror of https://github.com/apache/lucene.git
5ab59f59ac
- added 'owasp' task to the root project. This depends on dependencyCheckAggregate which seems to be a better fit for multi-module projects than dependencyCheckAnalyze (the difference is vague to me from plugin's documentation). - you can run the "gradlew owasp" task explicitly and it'll run the validation without any flags. - the owasp task is only added to check if validation.owasp property is true. I think this should stay as the default on non-CI systems (developer defaults) because it's a significant chunk of time it takes to download and validate dependencies. - I'm not sure *all* configurations should be included in the check... perhaps we should only limit ourselves to actual runtime dependencies not build dependencies, solr-ref-guide, etc. |
||
|---|---|---|
| .. | ||
| forbidden-apis | ||
| owasp-dependency-check | ||
| check-environment.gradle | ||
| config-file-sanity.gradle | ||
| forbidden-apis.gradle | ||
| git-status.gradle | ||
| jar-checks.gradle | ||
| owasp-dependency-check.gradle | ||
| precommit.gradle | ||
| rat-sources.gradle | ||
| validate-source-patterns.gradle | ||
| versions-props-sorted.gradle | ||