[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [orbit-dev] ClearlyDefined Now Supported
|
On Wed, 2020-08-19 at 12:28 -0400, Wayne Beaton wrote:
> > I think I just need to find a way to exclude such false positives.
>
> I experimented with using diff and an exclude file with some success.
> You may also be able to do something filtering on Maven scope (i.e.
> put false positives into the provided or test scope).
>
> It's also worth noting that you may not *need* to do anything. The
> tool is intended to help with the process of identifying content that
> needs IP review. If you can explain away a hit, then you may be done.
>
> Wayne
Yeah, an exclusion file for special cases is possible.
It turns out mvn dependency:list -DexcludeTransitive also gets us
closer. ebr-maven-plugin only bundles artifacts explicitly stated in
the module's dependencies tag so if it isn't there, it's safe to
ignore.
This takes us down to about 13 artifacts to look through.
--
Roland Grunberg
