  1. TomEE
  2. TOMEE-2363

Introduce OWASP dependency checking in the Maven build process

    Details

      Description

      As discussed on the mailing list

      Hey,

      Any objectives against automatic checking of known, publicly disclosed
      dependency vulnerabilities in the Maven build process (e.g. via a profile)?

      I was thinking about introducing OWASP dependency checking (see
      https://www.owasp.org/index.php/OWASP_Dependency_Check) in the TomEE
      project, so we are aware of security risks introduced by (transient)
      dependencies.

      Any thoughts on this?

      Best,

      Richard
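
A sketch of what such an opt-in profile could look like, added here as an example; it is not part of the original issue or of the TomEE build. The profile id `owasp-check`, the CVSS threshold of 7, the suppression file name and the version property are assumptions.

```xml
<!-- Added example, not TomEE's actual configuration.
     Run on demand with: mvn verify -Powasp-check -->
<properties>
  <!-- Assumption: replace with a released dependency-check-maven version -->
  <dependency-check.version>SET-ME</dependency-check.version>
</properties>

<profiles>
  <profile>
    <!-- Hypothetical profile id; kept out of the default build so the
         vulnerability data download does not slow every build -->
    <id>owasp-check</id>
    <build>
      <plugins>
        <plugin>
          <groupId>org.owasp</groupId>
          <artifactId>dependency-check-maven</artifactId>
          <version>${dependency-check.version}</version>
          <configuration>
            <!-- Assumed policy: break the build on any finding with CVSS >= 7 -->
            <failBuildOnCVSS>7</failBuildOnCVSS>
            <!-- Hypothetical file; it must exist and holds reviewed
                 false positives so they do not hide new findings -->
            <suppressionFiles>
              <suppressionFile>owasp-suppressions.xml</suppressionFile>
            </suppressionFiles>
            <formats>
              <format>HTML</format>
              <format>JSON</format>
            </formats>
          </configuration>
          <executions>
            <execution>
              <goals>
                <!-- Scans the resolved dependency tree, including
                     dependencies pulled in indirectly -->
                <goal>check</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
      </plugins>
    </build>
  </profile>
</profiles>
```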

            People

            • Assignee:
              rzo1 Richard Zowalla
              Reporter:
              rzo1 Richard Zowalla