Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
ghx-label-8
Description
Tried dependency-check-maven and it seems very easy to use:
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html
Most of the issues it found seemed false positive or irrelevant for Impala, but it can be still useful to run it after adding new dependencies in maven.
Integrating it could look like this:
1. add the plugin to java/pom.xml to make running it a one line command
2. add a suppressions.xml to suppress known issues
3. potentially create a job that runs it automatically