playframework / play1

Play framework
https://www.playframework.com/documentation/1.4.x/home

Outputting a pom.xml from dependencies.yml #1336

Open Fraserhardy opened 4 years ago

Fraserhardy commented 4 years ago

We'd like to improve the security of our application by scanning dependencies. The majority of tooling is only able to scan a pom.xml file for dependencies to build up a BOM.

I have looked into this and it seems this would need changes to the play dependencies module. Does anyone know if this is possible directly within ivy settings without changes to Play?

Also it would be helpful to have dependency checking of Play framework itself as at the moment it's difficult to know if Play is using vulnerable dependencies.
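Added example, not code from the Play project or from any poster in this thread: a dependency-free Python script that reads the `require:` list of a Play 1 `dependencies.yml` and emits a scan-only `pom.xml` for the BOM tooling mentioned above. It assumes entries in the usual `org -> artifact version` form, leaves out Play's own modules (which have no Maven coordinates), and the sample file is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Maven-style entries read "- org -> artifact version"; the version may be an
# Ivy range like "[3.0,4.0)" and a trailing ':' introduces nested options.
DEP_RE = re.compile(r"^\s*-\s+(?P<org>[\w.\-]+)\s*->\s*(?P<name>[\w.\-]+)\s+(?P<ver>\S+?)\s*:?\s*$")
POM_NS = "http://maven.apache.org/POM/4.0.0"

def parse_dependencies_yml(text):
    """Return [(group, artifact, version)] for entries under 'require:'. Play's own
    modules ('- play 1.4.x', '- play -> crud') have no Maven coordinates: skipped."""
    deps, in_require = [], False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] not in " \t-":  # top-level key: self:, require:, repositories:
            in_require = line.startswith("require:")
            continue
        m = DEP_RE.match(line) if in_require else None  # option lines never match
        if m and m.group("org") != "play":
            deps.append((m.group("org"), m.group("name"), m.group("ver")))
    return deps

def build_pom(deps, group="com.example", artifact="play-app", version="1.0-SNAPSHOT"):
    """Build a minimal, scan-only pom.xml string. Ivy version ranges are passed
    through unchanged; pin them first if the scanner cannot resolve ranges."""
    ET.register_namespace("", POM_NS)
    tag = lambda name: "{%s}%s" % (POM_NS, name)
    project = ET.Element(tag("project"))
    for name, val in (("modelVersion", "4.0.0"), ("groupId", group),
                      ("artifactId", artifact), ("version", version), ("packaging", "pom")):
        ET.SubElement(project, tag(name)).text = val
    deps_el = ET.SubElement(project, tag("dependencies"))
    for g, a, v in deps:
        dep = ET.SubElement(deps_el, tag("dependency"))
        for name, val in (("groupId", g), ("artifactId", a), ("version", v)):
            ET.SubElement(dep, tag(name)).text = val
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(project, encoding="unicode")

# Constructed sample in Play 1 dependencies.yml syntax, not a real project file.
SAMPLE_YML = """self: playframework -> myapp 1.0
require:
    - play 1.4.6
    - play -> crud
    - com.google.guava -> guava 31.1-jre
    - org.apache.commons -> commons-lang3 [3.0,4.0):
        transitive: false
repositories:
    - central
"""
```

Run `build_pom(parse_dependencies_yml(open("conf/dependencies.yml").read()))` and write the result next to the scanner's input; the generated pom is for scanning only and is not meant to build the app.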

cies commented 3 years ago

I do know that RePlay (a fork of Play1) gives you "just a Gradle project" (no funky/clunky Python, and old Ivy2 stuff).

Fraserhardy commented 3 years ago

Yeah I like what the team on RePlay did. I'm not sure how easy it is to port an existing app to RePlay though?

asolntsev commented 3 years ago

@Fraserhardy It depends on how heavily your project uses Play enhancers (automated generation of JPA methods, getters/setters etc.)

In our project, it was not easy. We did the migration step-by-step:

Fraserhardy commented 3 years ago

Thanks @asolntsev, we have been actively removing any Play-specific features from our codebase over the last couple of years; however, there are still a number of them in place. I think the biggest barrier would be the changes required to controllers, as your documentation mentions needing to return Result instead.

asolntsev commented 3 years ago

@Fraserhardy No, I believe it's optional. A controller can still throw a result. Returning the result was just a new, better alternative.

Fraserhardy commented 3 years ago

Oh, good to know. That might make it easier then. I'll find some time to do a POC with our app and see how it goes.