Posted to issues@solr.apache.org by GitBox <gi...@apache.org> on 2023/01/18 14:23:03 UTC

[GitHub] [solr] risdenk opened a new pull request, #1299: SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1

risdenk opened a new pull request, #1299:
URL: https://github.com/apache/solr/pull/1299

   https://issues.apache.org/jira/browse/SOLR-16625


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org


[GitHub] [solr] risdenk merged pull request #1299: SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1

Posted by GitBox <gi...@apache.org>.
risdenk merged PR #1299:
URL: https://github.com/apache/solr/pull/1299




[GitHub] [solr] risdenk commented on a diff in pull request #1299: SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1

Posted by GitBox <gi...@apache.org>.
risdenk commented on code in PR #1299:
URL: https://github.com/apache/solr/pull/1299#discussion_r1073604042


##########
gradle/validation/owasp-dependency-check.gradle:
##########
@@ -26,9 +26,12 @@ configure(rootProject) {
   dependencyCheck {
     failBuildOnCVSS = propertyOrDefault("validation.owasp.threshold", 7) as Integer
     formats = ['ALL']
-    skipProjects = [':solr:solr-ref-guide']
+    skipProjects = [':solr:solr-ref-guide', ':solr-missing-doclet']
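Review bot: adding `:solr-missing-doclet` to `skipProjects` drops every dependency of that project from the scan, while the problem being worked around is a false-positive CPE match (the doclet being identified as a Solr release). A suppression entry scoped to that one artifact and CPE in the project's Dependency-Check suppression file would silence the false positive without blinding the scan to anything else the project pulls in; if the skip is kept instead, a comment on this line recording why it is skipped would stop the next maintainer from removing it and re-triggering the failure.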

Review Comment:
   `solr-missing-doclet` is a build-only dependency and keeps getting flagged as a Solr 1.0 version with lots of CVEs - this doesn't need to be checked.



##########
gradle/validation/owasp-dependency-check.gradle:
##########
@@ -26,9 +26,12 @@ configure(rootProject) {
   dependencyCheck {
     failBuildOnCVSS = propertyOrDefault("validation.owasp.threshold", 7) as Integer
     formats = ['ALL']
-    skipProjects = [':solr:solr-ref-guide']
+    skipProjects = [':solr:solr-ref-guide', ':solr-missing-doclet']
     skipConfigurations = ['unifiedClasspath', 'permitUnusedDeclared']
     suppressionFile = file("${resources}/exclusions.xml")
+    analyzers {
+      assemblyEnabled = false
+    }
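Review bot: `assemblyEnabled = false` is added without a comment in the build file, so the reason (the project has no .NET artifacts and the Assembly analyzer was picking up unrelated local projects) will only ever be findable in this review thread; a one-line comment above the `analyzers` block would make the decision auditable. Worth noting too that the analyzer tripping on projects outside the Solr checkout suggests the scan is reaching beyond the project tree on that machine, which is a separate thing to verify on a clean checkout before treating the analyzer as the culprit.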

Review Comment:
   I have some .NET projects locally and for some reason Dependency-Check is picking these up and trying to scan them. Since we don't use .NET, we can disable the .NET Assembly scanner. See details here: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration.html



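As an added example (not code from the Solr repository or the Dependency-Check project), this is what a narrowly scoped entry in a Dependency-Check suppression file such as the `exclusions.xml` referenced in the build script could look like, suppressing the false CPE match described in the first review comment without removing the project from the scan. The CPE `cpe:/a:apache:solr` and the jar-name pattern are assumptions; the real values are whatever the Dependency-Check report shows for the mis-identified artifact.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <!-- Added example, not the Solr project's own exclusions.xml. -->
  <suppress>
    <notes><![CDATA[
      solr-missing-doclet is a build-only doclet that Dependency-Check
      mis-identifies as Apache Solr itself (assumed CPE below). Only that
      one CPE is suppressed, and only for this one artifact, so any other
      finding against the same jar still fails the build.
    ]]></notes>
    <!-- Assumed path pattern: match the doclet jar only, not other Solr artifacts. -->
    <filePath regex="true">.*[/\\]solr-missing-doclet[^/\\]*\.jar</filePath>
    <!-- Assumed CPE that the false positive resolves to. -->
    <cpe>cpe:/a:apache:solr</cpe>
  </suppress>
</suppressions>
```

The HTML report Dependency-Check generates offers a per-finding "suppress" button that emits an entry pinned to the artifact's SHA-1 and the matched CPE; starting from that output and trimming it is less error-prone than writing the path pattern by hand, and a suppression keyed on `sha1` rather than a path regex is the tighter choice when the artifact does not change between builds.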