Add option to suppress failures

[hypery2k]

Would be great a have a option to not fail the build, something like ignoreBuildStatus at this point.

If needed I can add a PR for this.

[jeremylong]

The option already exists (failOnError). See the ODC gradle documentation for more info.

dependencyCheck {
   failOnError = false
}

[hypery2k]

thanks for the reply. I know this one, but if the vulnerabilities exceeds the threshold in my project the build fails even if i set this to false

[jeremylong]

Just getting back to this - instead of a new ignoreBuildStatus wouldn't just setting failBuildOnCVSS=11 work to disable this build failure?

[hypery2k]

mmh i want something like a dry run, keeping my current cvss threshold and logging the results silently. But when failBuildOnCVSS 11 set I modify my threshold

[vidgeus]

As per discussion, it's already configurable. I have a boolean property (external configuration) that I set if I want to fail the build. You can do something like this in order to not fail. This is in my build.gradle:

dependencyCheck {
    if (owasp_failOnVulnerability.toBoolean()) {
        failBuildOnCVSS = 0
    }
}