You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Jean-Louis MONTEIRO (JIRA)" <ji...@apache.org> on 2018/12/20 19:25:00 UTC
[jira] [Resolved] (TOMEE-2363) Introduce OWASP dependency checking
in the Maven build process
[ https://issues.apache.org/jira/browse/TOMEE-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Louis MONTEIRO resolved TOMEE-2363.
----------------------------------------
Resolution: Fixed
Assignee: Richard Zowalla
Thanks so much
> Introduce OWASP dependency checking in the Maven build process
> --------------------------------------------------------------
>
> Key: TOMEE-2363
> URL: https://issues.apache.org/jira/browse/TOMEE-2363
> Project: TomEE
> Issue Type: Improvement
> Components: TomEE Build
> Affects Versions: 7.0.5, 7.1.0, 8.0.0-M1
> Reporter: Richard Zowalla
> Assignee: Richard Zowalla
> Priority: Minor
> Labels: pull-request-available
> Fix For: 7.0.6, 7.1.1, 8.0.0-M2
>
>
> As discussed on the mailing list
>
> {quote}Hey,
>
> any objectives against automatic checking of known, publicly disclosed
> dependency vulnerabilities in the Maven build process (e.g. via a profile).
>
> I was thinking about introducing OWASP dependency checking (see
> [https://www.owasp.org/index.php/OWASP_Dependency_Check]) in the TomEE
> project, so we are aware of security risks introduced by (transient)
> dependencies.
>
> Any thoughs on this?
>
> Best,
>
> Richard
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)