As a workaround, you should be able to specify <phase/> within the <execution/> tag. Multiple executions with different phase/configuration can be used.
Allow the mode of operation (warning|fatal|disabled) to be configurable based on the dependency scope of the vulnerable artifact. The configuration interface could be implemented a few ways. Off the top of my head, a good way might be to add a "scope" attribute to the "fingerprint" and "metadata" elements. For example, to say that all vulnerable artifacts detected by fingerprint are "fatal" unless they're in the test scope, in which case they are "warning":
i.e. without the scope attribute, the setting applies to all scopes that do not have an explicit setting.
For background:
http://post-office.corp.redhat.com/archives/jboss-integration-platform-developers/2014-May/msg00042.html
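To make the proposed semantics concrete, here is an added example that is not part of the issue, the mailing-list thread, or the plugin itself. It embeds a constructed pom.xml `<configuration/>` fragment that uses the hypothetical `scope` attribute from the proposal on the `fingerprint` and `metadata` elements, parses it, and resolves the mode (warning|fatal|disabled) for a detected artifact by its dependency scope: an explicit scope entry wins, otherwise the scope-less setting applies, exactly as the "i.e." sentence describes. The artifact coordinates are placeholders, and the fallback of treating an unconfigured detector as fatal is this example's own fail-closed choice, not something the issue specifies.

```python
"""Added example (not the plugin's code): resolve the per-scope mode of
operation from the proposed configuration in the issue above.

The element names "fingerprint"/"metadata", the values warning|fatal|disabled
and the "scope" attribute come from the proposal; the attribute is
hypothetical (not implemented), and nothing else about the real plugin or its
schema is assumed.
"""
import xml.etree.ElementTree as ET

MODES = {"warning", "fatal", "disabled"}
DETECTORS = ("fingerprint", "metadata")

# Constructed pom.xml fragment: fingerprint hits are fatal everywhere except
# in test scope; metadata hits only warn, and are ignored in provided scope.
PROPOSED_CONFIG = """
<configuration>
  <fingerprint>fatal</fingerprint>
  <fingerprint scope="test">warning</fingerprint>
  <metadata>warning</metadata>
  <metadata scope="provided">disabled</metadata>
</configuration>
"""


def parse_modes(xml_text):
    """Return {detector: {scope_or_None: mode}}.

    The None key holds the scope-less setting, which applies to every scope
    without an explicit entry.  Duplicate settings for the same detector/scope
    pair and unknown mode values are rejected, so a typo cannot silently
    downgrade enforcement.
    """
    root = ET.fromstring(xml_text)
    table = {d: {} for d in DETECTORS}
    for elem in root:
        if elem.tag not in DETECTORS:
            continue  # other plugin settings are not our concern here
        mode = (elem.text or "").strip().lower()
        if mode not in MODES:
            raise ValueError(f"<{elem.tag}>: unknown mode {mode!r}")
        scope = elem.get("scope")  # None means "all scopes not listed"
        if scope in table[elem.tag]:
            raise ValueError(f"<{elem.tag}> set twice for scope {scope!r}")
        table[elem.tag][scope] = mode
    return table


def config_is_valid(xml_text):
    """True if the fragment parses under the rules above, False otherwise."""
    try:
        parse_modes(xml_text)
    except (ValueError, ET.ParseError):
        return False
    return True


def resolve_mode(table, detector, dep_scope, fallback="fatal"):
    """Mode for a hit of `detector` on an artifact in Maven scope `dep_scope`.

    Explicit scope entry first, then the scope-less setting, then `fallback`
    (fail closed: an unconfigured detector is treated as fatal; this default
    is the example's own choice).
    """
    per_scope = table.get(detector, {})
    if dep_scope in per_scope:
        return per_scope[dep_scope]
    return per_scope.get(None, fallback)


def evaluate(table, hits):
    """hits: iterable of (artifact, detector, dep_scope) tuples.

    Returns (build_fails, warned) where build_fails is True if any hit
    resolved to "fatal" and warned lists artifacts that resolved to
    "warning".  Hits resolving to "disabled" are dropped.
    """
    build_fails, warned = False, []
    for artifact, detector, dep_scope in hits:
        mode = resolve_mode(table, detector, dep_scope)
        if mode == "fatal":
            build_fails = True
        elif mode == "warning":
            warned.append(artifact)
    return build_fails, warned


if __name__ == "__main__":
    # Constructed hits with placeholder coordinates (no real vulnerabilities).
    table = parse_modes(PROPOSED_CONFIG)
    hits = [("org.example:lib-a:1.0", "fingerprint", "test"),
            ("org.example:lib-b:2.0", "metadata", "compile")]
    print(evaluate(table, hits))
```

Running the block resolves the test-scoped fingerprint hit to a warning and the compile-scoped metadata hit to a warning as well, so the build passes with two warnings; change the second hit's scope to anything other than `provided` on a `fingerprint` detection and the build fails.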