Posted to commits@tomee.apache.org by "Richard Zowalla (JIRA)" <ji...@apache.org> on 2018/12/13 12:33:00 UTC

[jira] [Created] (TOMEE-2363) Introduce OWASP dependency checking in the Maven build process

Richard Zowalla created TOMEE-2363:
--------------------------------------

             Summary: Introduce OWASP dependency checking in the Maven build process
                 Key: TOMEE-2363
                 URL: https://issues.apache.org/jira/browse/TOMEE-2363
             Project: TomEE
          Issue Type: Improvement
          Components: TomEE Build
    Affects Versions: 7.1.0, 7.0.5, 8.0.0-M1
            Reporter: Richard Zowalla


As discussed on the mailing list

 
{quote}Hey, 
 
any objections against automatic checking of known, publicly disclosed 
dependency vulnerabilities in the Maven build process (e.g. via a profile)? 
 
I was thinking about introducing OWASP dependency checking (see 
[https://www.owasp.org/index.php/OWASP_Dependency_Check]) in the TomEE 
project, so we are aware of security risks introduced by (transient) 
dependencies. 
 
Any thoughts on this? 
 
Best, 
 
Richard 
{quote}


