apache · suneet-s · Feb 17, 2021 · Feb 11, 2021 · Feb 12, 2021
diff --git a/.travis.yml b/.travis.yml
@@ -639,10 +639,12 @@ jobs:
       stage: cron
       install: skip
       script: |-
-        ${MVN} dependency-check:check || { echo "
+        ${MVN} dependency-check:aggregate -pl '!integration-tests' || { echo "
 
         The OWASP dependency check has found security vulnerabilities. Please use a newer version
-        of the dependency that does not have vulnerabilities. If the analysis has false positives,
+        of the dependency that does not have vulnerabilities. To see a report run
+        `mvn dependency-check:check`
+        If the analysis has false positives,
         they can be suppressed by adding entries to owasp-dependency-check-suppressions.xml (for more
         information, see https://jeremylong.github.io/DependencyCheck/general/suppression.html).
 

diff --git a/pom.xml b/pom.xml
@@ -1570,9 +1570,9 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>5.3.2</version>
+                <version>6.0.3</version>
+                <inherited>false</inherited>
                 <configuration>
-                    <cveValidForHours>24</cveValidForHours>
                     <failBuildOnCVSS>7</failBuildOnCVSS>
                     <skipProvidedScope>true</skipProvidedScope>
                     <skipSystemScope>true</skipSystemScope>  <!-- avoid error when processing jdk.tools:jdk.tools:jar:1.8:system -->
@@ -1583,6 +1583,9 @@
                 </configuration>
                 <executions>
                     <execution>
+                        <goals>
+                            <goal>aggregate</goal>
+                        </goals>
                         <phase>none</phase>  <!-- TODO: Consider enabling so part of dev flow instead of just CI -->
                     </execution>
                 </executions>