Posted to commits@tomee.apache.org by "Richard Zowalla (JIRA)" <ji...@apache.org> on 2018/12/13 12:33:00 UTC
[jira] [Created] (TOMEE-2363) Introduce OWASP dependency checking in the Maven build process
Richard Zowalla created TOMEE-2363:
--------------------------------------
Summary: Introduce OWASP dependency checking in the Maven build process
Key: TOMEE-2363
URL: https://issues.apache.org/jira/browse/TOMEE-2363
Project: TomEE
Issue Type: Improvement
Components: TomEE Build
Affects Versions: 7.1.0, 7.0.5, 8.0.0-M1
Reporter: Richard Zowalla
As discussed on the mailing list:
{quote}Hey,
any objections against automatic checking of known, publicly disclosed
dependency vulnerabilities in the Maven build process (e.g. via a profile)?
I was thinking about introducing OWASP dependency checking (see
[https://www.owasp.org/index.php/OWASP_Dependency_Check]) in the TomEE
project, so we are aware of security risks introduced by (transient)
dependencies.
Any thoughts on this?
Best,
Richard
{quote}