Open xiezhx9 opened 4 months ago
With the setup specified ODC would run too many times - once with the specified configuration and once without. You can either put the plugin into the build/plugins or in the reporting - don't do both.
Regarding it re-running on each child module - you likely want to specify <inherited>false</inherited>
.
Thank you for your response.
Additionally, I would like to ask if it is a recommended configuration to use <inherited>false</inherited>
in the parent pom?
If you are running the aggregate goal - most of the time you would want <inherited>false</inherited>
.
I am working on a multi-module Maven project and I would like to ensure that the configuration for the OWASP Dependency Check Plugin is correctly used by all modules in my project.
I have added the following plugin configuration to the parent POM file, with the intention that it will be applied to all child modules:
My main questions are:
Furthermore, after adding the following pom.xml configuration, I noticed that the OWASP Dependency Check Plugin is downloading NVD (National Vulnerability Database) information for each module during the build process, which significantly slows it down.