mehradn7 changed the title from "Doc says runtime artifacts are not bundled in distribution ?" to "Documentation says 'runtime artifacts are not bundled in distribution' ?" on Jan 27, 2023
Hello,
The documentation of the Maven plugin (https://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html) says (Example 4):
"Create the dependency-check-report.html and skip artifacts not bundled in distribution (Provided and Runtime scope)."
to demonstrate the <skipRuntimeScope>true</skipRuntimeScope> configuration option.
But is it true that a Maven dependency declared with scope "runtime" will not be bundled in distribution? E.g. as far as I know, the spring-boot:repackage plugin goal bundles a JAR with runtime artifacts included.
In such a case, from a security perspective, wouldn't it be better not to suggest excluding runtime scope artifacts from the Dependency Check scan?
Thank you for your answer.
Regards,
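
One way to check the question raised in this issue on a concrete build, as an added example that is not part of the original post or of the DependencyCheck project: list which runtime-scope dependencies are actually present inside a repackaged Spring Boot JAR, since those are the artifacts a scan with skipRuntimeScope set to true would not cover. It assumes the Spring Boot executable JAR layout (BOOT-INF/lib/) and the line format of mvn dependency:list; the function names, artifact versions and sample data are constructed for illustration.

```python
import io
import re
import zipfile

# One `mvn dependency:list` entry: groupId:artifactId:jar[:classifier]:version:scope
DEP_RE = re.compile(
    r"([\w.\-]+):([\w.\-]+):jar:(?:([\w.\-]+):)?([\w.\-]+):"
    r"(compile|runtime|provided|test|system)\b"
)

def runtime_jar_names(dependency_list):
    """Return the JAR file names Maven would use for runtime-scope dependencies."""
    names = set()
    for line in dependency_list.splitlines():
        m = DEP_RE.search(line)
        if m and m.group(5) == "runtime":
            _, artifact, classifier, version, _ = m.groups()
            suffix = f"-{classifier}" if classifier else ""
            names.add(f"{artifact}-{version}{suffix}.jar")
    return names

def bundled_runtime_jars(fat_jar, dependency_list):
    """Runtime-scope JARs that are shipped inside the repackaged archive."""
    with zipfile.ZipFile(io.BytesIO(fat_jar)) as zf:
        bundled = {n.rsplit("/", 1)[-1] for n in zf.namelist()
                   if n.startswith("BOOT-INF/lib/") and n.endswith(".jar")}
    return sorted(bundled & runtime_jar_names(dependency_list))

def constructed_fat_jar():
    """Constructed stand-in for target/app.jar (empty entries, names only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("BOOT-INF/classes/app/Main.class",
                     "BOOT-INF/lib/spring-core-5.3.25.jar",
                     "BOOT-INF/lib/postgresql-42.5.1.jar"):
            zf.writestr(name, b"")
    return buf.getvalue()

# Constructed sample of `mvn dependency:list` output.
SAMPLE_DEPENDENCY_LIST = """\
[INFO]    org.springframework:spring-core:jar:5.3.25:compile
[INFO]    org.postgresql:postgresql:jar:42.5.1:runtime
[INFO]    jakarta.servlet:jakarta.servlet-api:jar:4.0.4:provided
"""

if __name__ == "__main__":
    # Any name printed here is shipped to production but skipped by the scan.
    print(bundled_runtime_jars(constructed_fat_jar(), SAMPLE_DEPENDENCY_LIST))
```

On a real project, pass the bytes of the repackaged JAR and the captured output of mvn dependency:list; an empty result means no runtime-scope artifact is bundled in that build.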