Hi,
We’ve set up a multi-module Maven project with the dependency-check maven plug-in. The Plug-In is configured in the master POM. The overall processing time of the check goal is very slow compared to the Jenkins plug-in.
As far as I can see an expensive “ramp up” phase is executed for every module which takes up to 20 seconds after configuration is read and before the analysis starts. When disabling auto update of CVE database the time goes down to 3-4 seconds. Ideally we only want to update the Database once per build and not number of modules times.
Any advice how we can reduce the overall time? Where and when should the plug-in be executed in a multi-module set-up to minimize build time?
Thanks for this great tool btw!
Cheers,
Alexander