[YETUS-441] Add a precommit check for known CVEs from dependencies - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Patch Available
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Precommit
Labels:
None

Description

Add in a precommit test that makes use of The OWASP Dependency Check to look for known bad dependencies.

there's a maven plugin, ant task, and command line tool. So we should be able to build similar support to what we have for RAT.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YETUS-441.3.patch
09/May/18 17:41
21 kB
Sean Busbey
YETUS-441.2.patch
09/May/18 16:45
21 kB
Sean Busbey
YETUS-441.1.patch
05/May/18 02:58
17 kB
Sean Busbey
YETUS-441.008.patch
01/Aug/18 17:09
24 kB
Allen Wittenauer
YETUS-441.007.patch
01/Aug/18 15:41
23 kB
Allen Wittenauer
YETUS-441.006.patch
01/Aug/18 14:57
23 kB
Allen Wittenauer
YETUS-441.005.patch
01/Aug/18 14:42
23 kB
Allen Wittenauer
YETUS-441.004.patch
24/Jul/18 18:02
23 kB
Allen Wittenauer
YETUS-441.0.patch
04/May/18 15:36
16 kB
Sean Busbey
dependency-check-suppression.xml
05/May/18 05:36
5 kB
Sean Busbey

Issue Links

blocks

YETUS-654 dependency checker should use modules

Open

YETUS-655 dependency checker: run both and aggregate output

Open

relates to

HBASE-20553 Add dependency CVE checking to nightly tests

In Progress

Activity

People

Assignee:: Sean Busbey

Reporter:: Sean Busbey

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 15/Aug/16 21:36

Updated:: 31/Dec/18 05:30