  1. Maven
  2. MNG-6487

Adding CVE Checks via OWASP

Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved

    Description

      mvn compile org.sonatype.ossindex.maven:ossindex-maven-plugin:audit

      Result on all modules is a CVSS-score threshold: 0.0

      In contrast: IIRC the OWASP dependency plugin gave several false positives.

      We should consider adding this to the maven-parent to get early notifications on known CVEs.

            People

              Assignee: Unassigned
              Reporter: Karl Heinz Marbaise (khmarbaise)
              Votes: 0
              Watchers: 6