Posted to commits@isis.apache.org by da...@apache.org on 2015/10/24 17:19:31 UTC

isis-site git commit: ISIS-1092: updating docs for how to check for vulnerabilities

Repository: isis-site
Updated Branches:
  refs/heads/asf-site aaf2db1d2 -> 93b044d95


ISIS-1092: updating docs for how to check for vulnerabilities


Project: http://git-wip-us.apache.org/repos/asf/isis-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/isis-site/commit/93b044d9
Tree: http://git-wip-us.apache.org/repos/asf/isis-site/tree/93b044d9
Diff: http://git-wip-us.apache.org/repos/asf/isis-site/diff/93b044d9

Branch: refs/heads/asf-site
Commit: 93b044d958d4990ca519c84d7fe41b0439a05a8d
Parents: aaf2db1
Author: Dan Haywood <da...@haywood-associates.co.uk>
Authored: Sat Oct 24 16:19:03 2015 +0100
Committer: Dan Haywood <da...@haywood-associates.co.uk>
Committed: Sat Oct 24 16:19:03 2015 +0100

----------------------------------------------------------------------
 content/guides/cg.html | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/isis-site/blob/93b044d9/content/guides/cg.html
----------------------------------------------------------------------
diff --git a/content/guides/cg.html b/content/guides/cg.html
index 78aa93b..6250b0a 100644
--- a/content/guides/cg.html
+++ b/content/guides/cg.html
@@ -2205,6 +2205,38 @@ mvn clean install -o -T1C</code></pre>
 <p>When using Eclipse, a Maven profile is configured such that Eclipse compiles to <code>target-ide</code> directory rather than the usual <code>target</code> directory. You can therefore switch between Eclipse and Maven command line without one interfering with the other.</p>
 </div>
 </div>
+<div class="sect2">
+<h3 id="_checking_for_vulnerabilities">6.4. Checking for Vulnerabilities</h3>
+<div class="paragraph">
+<p>Apache Isis configures the <a href="https://www.owasp.org/index.php/Main_Page">OWASP</a> <a href="https://www.owasp.org/index.php/OWASP_Dependency_Check">dependency check</a> <a href="http://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html">Maven plugin</a> to determine whether the framework uses libraries that are known to have security vulnerabilities.</p>
+</div>
+<div class="paragraph">
+<p>To check, run:</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="CodeRay highlight"><code data-lang="bash">cd core
+mvn org.owasp:dependency-check-maven:aggregate</code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>This will generate a single report under <code>core/target/dependency-check-report.html</code>.</p>
+</div>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+<div class="paragraph">
+<p>The first time this runs can take 10~20 minutes to download the NVD data feeds.</p>
+</div>
+</td>
+</tr>
+</table>
+</div>
+</div>
 </div>
 </div>
 <div class="sect1">
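Review bot: the report location given in the paragraph after the listing, `core/target/dependency-check-report.html`, is ambiguous once the listing has run `cd core`; a reader still in that directory will read it as `core/core/target/...`. Either state that the path is relative to the repository root or give it as `target/dependency-check-report.html` relative to `core`. The note should also say that this step needs network access: the build command shown just above this section (`mvn clean install -o -T1C`) runs Maven offline, while the first run here has to download the NVD data feeds. "10~20 minutes" reads better as "10 to 20 minutes". Finally, the section stops at generating the report; one sentence on what a contributor is expected to do when the report lists a vulnerable library would make the check actionable.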
@@ -7625,6 +7657,7 @@ xxx<br>
 </li>
 <li><a href="#_installing_maven">6.2. Installing Maven</a></li>
 <li><a href="#_building_all_of_apache_isis">6.3. Building all of Apache Isis</a></li>
+<li><a href="#_checking_for_vulnerabilities">6.4. Checking for Vulnerabilities</a></li>
 </ul>
 </li>
 <li><a href="#_cg_contributing">7. Contributing</a>