Exclude JS libs from org.owasp dependency-check-maven.


Question

We use the following Maven Plugin to monitor our libraries that have security problems.

    <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <configuration>
            <suppressionFiles>
                <suppressionFile>${project.basedir}/owasp-suppressions.xml</suppressionFile>
            </suppressionFiles>
        </configuration>
    </plugin>

At present, we only want to monitor our Java libraries. There is a different team that is responsible for problems in the JS, which they monitor using a different process. My difficulty is that my Java-Lib monitoring aborts with errors every time a JS problem is detected.

Is it possible to exclude the JS libs from the check entirely?

Answer 1

Score: 0

Unfortunately, that seems not to be possible.
The best solution I found was to use the scanSet property to hard-define the directories which should be analysed, and then of course only define those paths which contain Java code.

    <configuration>
        <scanSet>
            <fileSet>
                <directory>src</directory>
            </fileSet>
        </scanSet>
    </configuration>

See https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html for more info about 'scanSet' configuration.
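A complete plugin block, added here as an example and not taken from the question or the answer: it combines the questioner's suppression file with the answer's scanSet restriction, and additionally turns off the JavaScript-specific analyzers using the retireJsAnalyzerEnabled, nodeAnalyzerEnabled and nodeAuditAnalyzerEnabled switches documented on the configuration page linked above (those switches are an assumption beyond the answer, which did not mention them). The src/main/java path and the CVSS threshold of 7 are illustrative choices.

```xml
<!-- Added example configuration; not the original poster's or answerer's own. -->
<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <!-- Version deliberately omitted here; pin it in <pluginManagement>. -->
    <configuration>
        <!-- Suppression file from the question; every entry in it should carry
             a documented reason so suppressed findings are auditable. -->
        <suppressionFiles>
            <suppressionFile>${project.basedir}/owasp-suppressions.xml</suppressionFile>
        </suppressionFiles>
        <!-- scanSet as in the answer. It replaces the plugin's default extra
             paths (src/main/resources, src/main/filters, src/main/webapp), so
             front-end assets under src/main/webapp are no longer picked up.
             Declared Maven dependencies are still analysed regardless of scanSet. -->
        <scanSet>
            <fileSet>
                <directory>${project.basedir}/src/main/java</directory>
            </fileSet>
        </scanSet>
        <!-- Assumption: analyzer switches taken from the plugin's configuration
             page; they disable the analyzers that produce JavaScript findings. -->
        <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
        <nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>
        <nodeAuditAnalyzerEnabled>false</nodeAuditAnalyzerEnabled>
        <!-- Keep failing the build for serious Java findings (CVSS 7 or higher). -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>check</goal>
            </goals>
        </execution>
    </executions>
</plugin>
```

Verify the effect with `mvn dependency-check:check` and confirm in the report that no npm or RetireJS entries remain before relying on the other team's process for JS coverage.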

huangapple
  • Posted on 17 April 2023 16:01:37
  • Please keep this link when reposting: https://go.coder-hub.com/76032894.html