You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Jean-Louis MONTEIRO (JIRA)" <ji...@apache.org> on 2018/12/20 19:25:00 UTC

[jira] [Resolved] (TOMEE-2363) Introduce OWASP dependency checking in the Maven build process

     [ https://issues.apache.org/jira/browse/TOMEE-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Louis MONTEIRO resolved TOMEE-2363.
----------------------------------------
    Resolution: Fixed
      Assignee: Richard Zowalla

Thanks so much

> Introduce OWASP dependency checking in the Maven build process
> --------------------------------------------------------------
>
>                 Key: TOMEE-2363
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2363
>             Project: TomEE
>          Issue Type: Improvement
>          Components: TomEE Build
>    Affects Versions: 7.0.5, 7.1.0, 8.0.0-M1
>            Reporter: Richard Zowalla
>            Assignee: Richard Zowalla
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 7.0.6, 7.1.1, 8.0.0-M2
>
>
> As discussed on the mailing list
>  
> {quote}Hey, 
>  
> any objectives against automatic checking of known, publicly disclosed 
> dependency vulnerabilities in the Maven build process (e.g. via a profile). 
>  
> I was thinking about introducing OWASP dependency checking (see 
> [https://www.owasp.org/index.php/OWASP_Dependency_Check]) in the TomEE 
> project, so we are aware of security risks introduced by (transient) 
> dependencies. 
>  
> Any thoughs on this? 
>  
> Best, 
>  
> Richard 
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)