【发布时间】:2022-11-02 21:01:22
【问题描述】:
我有一个 build.gradle 文件,其中包含以下插件和依赖项
plugins {
...
id 'org.owasp.dependencycheck' version '7.3.0',
...
}
ext {
...
okHttpVersion = '4.9.3'
...
}
repositories {
mavenCentral()
}
dependencies {
implementation(
...
//misc
'org.testcontainers:junit-jupiter:1.16.3',
'org.everit.json:org.everit.json.schema:1.5.1',
'com.github.therapi:therapi-runtime-javadoc:0.13.0',
'org.apache.commons:commons-text:1.9.0', //this is the vulnerability
"com.squareup.okhttp3:okhttp:$okHttpVersion",
"com.squareup.okhttp3:mockwebserver:$okHttpVersion",
...
)
...
}
当我在报告中运行./gradlew dependencyCheckAnalyze 时,我看不到有关'org.apache.commons:commons-text:1.9.0' 的任何信息
我尝试执行./gradlew dependencyCheckPurge,然后是./gradlew dependencyCheckUpadte,然后是./gradlew dependencyCheckAnalyze,但是报告输出是相同的
【问题讨论】:
标签: java spring gradle owasp apache-commons-text