Details
- Type: Improvement
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- 2.0.0
- None
Description
There are free or low-cost tools from Black Duck and Sonatype which are scanners that examine the specific versions of OSS components in a system and which report on their known security vulnerabilities.
(Perhaps Atlassian, which is, mostly, the tool set at ncsa.illinois.edu, also has one of these?)
We should look into adding one of these to our build process. It goes hand in hand with the tool we use to gather up and generate the license pages, and given the kinds of applications in network security that people discuss using DFDL for, this would be a value-add.