Details
-
New Feature
-
Status: Patch Available
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
Add in a precommit test that makes use of The OWASP Dependency Check to look for known bad dependencies.
there's a maven plugin, ant task, and command line tool. So we should be able to build similar support to what we have for RAT.
Attachments
Attachments
Issue Links
- blocks
-
YETUS-654 dependency checker should use modules
- Open
-
YETUS-655 dependency checker: run both and aggregate output
- Open
- relates to
-
HBASE-20553 Add dependency CVE checking to nightly tests
- In Progress