Exclude JS libs from org.owasp dependency-check-maven
Question
We use the following Maven plugin to monitor our libraries that have security problems.
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <configuration>
    <suppressionFiles>
      <suppressionFile>${project.basedir}/owasp-suppressions.xml</suppressionFile>
    </suppressionFiles>
  </configuration>
</plugin>
At present, we only want to monitor our Java libraries. There is a different team that is responsible for problems in the JS, which they monitor using a different process. My difficulty is that my Java-lib monitoring aborts with errors every time a JS problem is detected.
Is it possible to exclude the JS libs from the check entirely?
Answer 1
Score: 0
Unfortunately, that seems not to be possible.
The best solution I found was to use the scanSet property to hard-define the directories which should be analysed, and then of course only define those paths that contain Java code.
<configuration>
  <scanSet>
    <fileSet>
      <directory>src</directory>
    </fileSet>
  </scanSet>
</configuration>
See https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html for more info about the 'scanSet' configuration.
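As an added example (not part of the answer above), here is the scanSet approach carried into a complete plugin block that keeps the asker's suppression file and restricts the extra scan paths to a Java-only directory; the analyzer toggle names at the end are an assumption drawn from the plugin's configuration page linked above and should be verified against the plugin version in use.

```xml
<!-- Added example: restrict dependency-check-maven to Java content.
     Not the original answer's configuration. -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <configuration>
    <!-- Keep the existing suppression file so already-reviewed findings stay suppressed -->
    <suppressionFiles>
      <suppressionFile>${project.basedir}/owasp-suppressions.xml</suppressionFile>
    </suppressionFiles>
    <!-- Only add Java-side resources to the scan; front-end assets
         (for example src/main/webapp) are deliberately not listed,
         so JS files under them are never picked up as evidence -->
    <scanSet>
      <fileSet>
        <directory>src/main/resources</directory>
      </fileSet>
    </scanSet>
    <!-- Assumption: these analyzer switches are documented on the linked
         configuration page. Turning them off stops JavaScript-specific
         analysis even if a .js file slips into the scan set. -->
    <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
    <nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>
    <nodeAuditAnalyzerEnabled>false</nodeAuditAnalyzerEnabled>
  </configuration>
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>
```

Project dependencies declared in the POM are still analysed regardless of scanSet; scanSet only controls which additional files on disk are fed to the scanner.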