Posted to notifications@fluo.apache.org by GitBox <gi...@apache.org> on 2018/08/15 04:56:04 UTC

[GitHub] ctubbsii commented on issue #1046: Please add OWASP Dependency Check to the build (pom.xml)

ctubbsii commented on issue #1046: Please add OWASP Dependency Check to the build (pom.xml)
URL: https://github.com/apache/fluo/issues/1046#issuecomment-413094178
 
 
   This has been on my personal TODO list for some time, and is a good idea for informational purposes. However, be aware that Fluo does not (generally) bundle dependencies in the project, so the CVEs that affect any given individual and their dependency set depend not on what Fluo has declared in its POM, but on what the user decides to install on their system during their own dependency-integration and packaging phases of their particular Fluo deployment. CVE analysis on the dependencies in Fluo's POMs only tells you what is vulnerable in the versions we're developing against, not necessarily what is vulnerable in the versions in their configured Maven repository, class path, or deployment environment. Users should be aware of that limitation and should always be responsible for their own deployed software environments.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
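
The limitation described in the comment above, shown as an added example that is not part of the original message or of the Fluo project: it compares the versions a POM declares with the jars actually present in a deployment's library directory and reports where they diverge. The POM fragment, artifact names, versions and jar listing are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM fragment (hypothetical artifacts, not Fluo's real POM).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><netlib.version>2.4.1</netlib.version></properties>
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>netlib</artifactId>
      <version>${netlib.version}</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>jsonkit</artifactId>
      <version>1.9.0</version></dependency>
  </dependencies>
</project>"""

# Constructed listing of jar files found in a deployment's lib directory.
SAMPLE_DEPLOYED = ["netlib-2.1.0.jar", "jsonkit-1.9.0.jar", "oldcodec-0.8.jar"]

JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")

def declared_versions(pom_xml):
    """Map artifactId -> version declared in the POM, resolving ${property} refs."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[1]: p.text for p in root.findall("m:properties/*", NS)}
    out = {}
    for dep in root.findall("m:dependencies/m:dependency", NS):
        art = dep.findtext("m:artifactId", namespaces=NS)
        version = dep.findtext("m:version", default="", namespaces=NS)
        ref = re.fullmatch(r"\$\{(.+)\}", version)
        out[art] = props.get(ref.group(1), version) if ref else version
    return out

def drift(declared, jar_names):
    """Return (artifact, pom_version, deployed_version, reason) for each mismatch."""
    findings = []
    for name in jar_names:
        m = JAR_RE.match(name)
        if not m:
            continue  # not a versioned jar; nothing to compare
        art, ver = m["artifact"], m["version"]
        if art not in declared:
            findings.append((art, None, ver, "not declared in POM"))
        elif declared[art] != ver:
            findings.append((art, declared[art], ver, "version differs from POM"))
    return findings
```

On the constructed input, a scan driven by the POM would assess `netlib` 2.4.1 and never look at the deployed `netlib` 2.1.0 or the undeclared `oldcodec` jar, which is why the deployed class path has to be inventoried separately.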