Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-3865

Add OWASP dependency-check to build

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8.13, 2.0.6, 3.0.0 PDFBox
    • Fix Version/s: 1.8.14, 2.0.7, 3.0.0 PDFBox
    • Component/s: None
    • Labels:

      Description

      https://github.com/jeremylong/dependency-check-gradle#current-release
      checks the build against known security issues. I tried it with a project that linked pdfbox 2.0.0 (has XXE vulnerability) and yes, the build stopped.

      Because the database needs 400MB in the repository we'll run it only in "pedantic" mode, i.e. for the jenkins builds.

        Attachments

          Activity

            People

            • Assignee:
              tilman Tilman Hausherr
              Reporter:
              tilman Tilman Hausherr
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: