Posted to issues@impala.apache.org by "Csaba Ringhofer (Jira)" <ji...@apache.org> on 2021/02/23 21:07:01 UTC
[jira] [Created] (IMPALA-10543) Add tool to check for CVEs among dependencies
Csaba Ringhofer created IMPALA-10543:
----------------------------------------
Summary: Add tool to check for CVEs among dependencies
Key: IMPALA-10543
URL: https://issues.apache.org/jira/browse/IMPALA-10543
Project: IMPALA
Issue Type: Improvement
Components: Infrastructure
Reporter: Csaba Ringhofer
Tried dependency-check-maven and it seems very easy to use:
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html
Most of the issues it found seemed to be false positives or irrelevant for Impala, but it can still be useful to run it after adding new dependencies in Maven.
Integrating it could look like this:
1. add the plugin to java/pom.xml to make running it a one-line command
2. add a suppressions.xml to suppress known issues
3. potentially create a job that runs it automatically
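A sketch of what steps 1 and 2 above could look like. This is an added example, not configuration from the Impala repository or from the reporter. Assumptions: the `dependency-check.version` property is a placeholder to be defined, suppressions.xml sits next to java/pom.xml, the CVSS threshold of 7 is a sample value, and the suppressed artifact, CVE id and expiry date are constructed.

```xml
<!-- Added example, not from the Impala repository. -->
<!-- (1) Fragment for java/pom.xml, inside <build><plugins>.
     Run with: mvn -f java/pom.xml org.owasp:dependency-check-maven:check -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <!-- Placeholder: define this property with the release you pin. -->
  <version>${dependency-check.version}</version>
  <configuration>
    <!-- Assumed location: suppressions.xml next to java/pom.xml. -->
    <suppressionFiles>
      <suppressionFile>${project.basedir}/suppressions.xml</suppressionFile>
    </suppressionFiles>
    <!-- Assumed threshold: fail only on CVSS >= 7, so an automated job
         goes red for high-severity findings that are not suppressed. -->
    <failBuildOnCVSS>7</failBuildOnCVSS>
    <formats>
      <format>HTML</format>
      <format>JSON</format>
    </formats>
  </configuration>
</plugin>

<!-- (2) Separate file java/suppressions.xml. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <!-- Scope each entry to one artifact AND one CVE, and record why.
       The until date makes the entry expire so it gets reviewed again. -->
  <suppress until="2099-01-01Z">
    <notes>Constructed entry: vulnerable code path not reachable from Impala.</notes>
    <packageUrl regex="true">^pkg:maven/com\.example/example\-lib@.*$</packageUrl>
    <cve>CVE-0000-00000</cve>
  </suppress>
</suppressions>
```

Narrow suppressions (one package URL pattern plus one CVE) keep a new vulnerability in the same artifact from being hidden by an old false-positive entry.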