[TOMEE-2363] Introduce OWASP dependency checking in the Maven build process - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0.5, 7.1.0, 8.0.0-M1
Fix Version/s: 8.0.0-M2, 7.0.6, 7.1.1
Component/s: TomEE Build
Labels:
- pull-request-available

Description

As discussed on the mailing list

Hey,

any objectives against automatic checking of known, publicly disclosed
dependency vulnerabilities in the Maven build process (e.g. via a profile).

I was thinking about introducing OWASP dependency checking (see
https://www.owasp.org/index.php/OWASP_Dependency_Check) in the TomEE
project, so we are aware of security risks introduced by (transient)
dependencies.

Any thoughs on this?

Best,

Richard

Attachments

Issue Links

links to

GitHub Pull Request #276

GitHub Pull Request #297

GitHub Pull Request #298

Activity

People

Assignee:: Richard Zowalla

Reporter:: Richard Zowalla

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 13/Dec/18 12:32

Updated:: 21/Dec/18 09:13

Resolved:: 20/Dec/18 19:24