Consider running dependency check as an action rather than integrated in the maven build #262
Comments
Agreed. Also, with proper dependabot config and dependency graph feeding, dependency-check is less useful. I've configured dependency-check here more to get a feeling about what it could provide.
In PR #274 I have moved the dependency check to a separate profile that is not enabled by default in the ci builds.
Should we close this one then? Or do you want to create a workflow that will run with this profile separately?
We should add an action to run the dependency check on a regular basis using a schedule and then we can compare the results with dependabot. I see that as experimenting with existing tools to understand their strengths and weaknesses.
The dependency check is rather slow as it downloads all CVEs every time it is run.
Consider using an action instead that comes with a pre-built image of CVEs so that not all of them have to be downloaded again and again.