Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2016/08/30 12:31:21 UTC

[jira] [Comment Edited] (OFBIZ-7930) Load the OWASP dependency checker Gradle plugin efficiently

    [ https://issues.apache.org/jira/browse/OFBIZ-7930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15448784#comment-15448784 ] 

Jacques Le Roux edited comment on OFBIZ-7930 at 8/30/16 12:31 PM:
------------------------------------------------------------------

Hi Jacques,

You made a comment about being stuck in this JIRA, so I'll try to help.

So I think the solution to your problem here is to avoid loading the plugin except when the proper task is activated. So you need to have a condition to check whether it is appropriate, and if yes, load the plugin and activate the security task. This way, normal users do not worry about downloading the extra dependencies while at the same time you can activate the OWASP plugin.

So, to help you in implementing this, there are a few questions first:
# Can you please provide the code snippet which activated the plugin? I forgot it. We can use that as a starting point.
# What is the purpose here, and who calls this task? Is it committers, is it everyone? This makes it relevant which script it belongs to (master or /tools perhaps).
# What do you do with the output? Just display it?


was (Author: taher):
Hi Jacques,

You made a comment about being stuck in this JIRA, so I'll try to help.

So I think the solution to your problem here is to avoid loading the plugin except when the proper task is activated. So you need to have a condition to check whether it is appropriate, and if yes, load the plugin and activate the security task. This way, normal users do not worry about downloading the extra dependencies while at the same time you can activate the OWASP plugin.

So, to help you in implementing this, there are a few questions first:
- Can you please provide the code snippet which activated the plugin? I forgot it. We can use that as a starting point.
- What is the purpose here, and who calls this task? Is it committers, is it everyone? This makes it relevant which script it belongs to (master or /tools perhaps).
- What do you do with the output? Just display it?

> Load the OWASP dependency checker Gradle plugin efficiently
> -----------------------------------------------------------
>
>                 Key: OFBIZ-7930
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7930
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>
> As I warned at https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check it's currently difficult to separate the OFBiz jars from other jars in the .gradle\caches, which may contain jars unrelated to OFBiz. Notably Eclipse jars if you use the Gradle Eclipse task, and more if you use Gradle for other reasons than OFBiz.
> I have not yet found a way to avoid having all external jars in .gradle\caches, and I wonder if it's even possible. What I would like to have is the external jars mandatory for OFBiz to work in an isolated place. For instance a sub folder of the main Gradle build folder. I picked $buildDir/externalJars.
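The conditional loading Taher suggests above, as an added build.gradle sketch that is not OFBiz's own code and not from this thread: the plugin's buildscript classpath entry and the `apply plugin` both sit behind a check on the requested task names, so an ordinary `gradle build` never resolves the OWASP artifacts. Assumptions: the plugin coordinates `org.owasp:dependency-check-gradle`, the plugin id `org.owasp.dependencycheck`, the task name `dependencyCheckAnalyze`, and the `outputDirectory` setting are taken from the plugin's documentation as I recall it; the version string and the `owaspCheck` project property are placeholders.

```groovy
// Added example (hypothetical build.gradle fragment), not OFBiz's build script.
// The OWASP plugin is only put on the buildscript classpath and applied when
// the caller explicitly asked for the analysis task or passed -PowaspCheck.

// Decide once, before the buildscript block resolves anything.
def owaspRequested = gradle.startParameter.taskNames.contains('dependencyCheckAnalyze') ||
                     project.hasProperty('owaspCheck')   // -PowaspCheck: assumed property name

buildscript {
    repositories {
        jcenter()   // or mavenCentral(); wherever the build already resolves from
    }
    dependencies {
        // Only normal users' builds skip this download entirely.
        if (gradle.startParameter.taskNames.contains('dependencyCheckAnalyze') ||
            project.hasProperty('owaspCheck')) {
            classpath 'org.owasp:dependency-check-gradle:<PLUGIN_VERSION>' // placeholder version
        }
    }
}

if (owaspRequested) {
    // The plugin registers the dependencyCheckAnalyze task when applied.
    apply plugin: 'org.owasp.dependencycheck'

    dependencyCheck {
        // Keep the report next to the other build output so it is easy to find
        // and to clean; this answers the "what do you do with the output" question.
        outputDirectory = "$buildDir/reports/owasp"   // assumed plugin property
    }
}
```

Invoke it with `gradle dependencyCheckAnalyze` (or `gradle -PowaspCheck dependencyCheckAnalyze`); any other task list leaves the classpath untouched, so the check is opt-in for committers without adding a download for everyone else.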



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)