Posted to issues@geode.apache.org by "Praveendra Singh (JIRA)" <ji...@apache.org> on 2018/04/17 22:01:00 UTC

[jira] [Commented] (GEODE-5098) Integrate OWASP Dependency Check for known vulnerabilities

    [ https://issues.apache.org/jira/browse/GEODE-5098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16441565#comment-16441565 ] 

Praveendra Singh commented on GEODE-5098:
-----------------------------------------

This is something we should leverage in all Apache Open Source systems.

> Integrate OWASP Dependency Check for known vulnerabilities
> ----------------------------------------------------------
>
>                 Key: GEODE-5098
>                 URL: https://issues.apache.org/jira/browse/GEODE-5098
>             Project: Geode
>          Issue Type: Improvement
>          Components: build
>            Reporter: Praveendra Singh
>            Priority: Major
>
> Given the sensitivity of the Geode system, we would like to avoid any vulnerable dependencies sneaking into the final product. One way to be a little defensive is to leverage OWASP Dependency-Check. There are paid services (e.g. Veracode) on the market; however, the OWASP tool gives results which are very close to those of the commercial services.
> h2. OWASP Dependency-Check
> Dependency-Check is a utility that identifies project dependencies and checks whether there are any known, publicly disclosed vulnerabilities.
>  
> ref: [https://www.owasp.org/index.php/OWASP_Dependency_Check]
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
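The Gradle configuration below is an added example of how the dependency-check-gradle plugin described in the ticket would be wired into a multi-project Gradle build such as Geode's; it is not code from the Geode project or from the ticket. The plugin version, the suppression-file path, the report directory and the CVSS fail threshold are assumptions chosen for illustration.

```groovy
// build.gradle at the root of a multi-project build (added example, not Geode's own build script).
plugins {
    // Plugin id is the published OWASP id; the version is an assumption, pin the one you vet.
    id 'org.owasp.dependencycheck' version '3.1.2'
}

// Apply the plugin to every subproject so each module's resolved dependencies are scanned.
subprojects {
    apply plugin: 'org.owasp.dependencycheck'
}

allprojects {
    dependencyCheck {
        // Fail the build when any finding has a CVSS score at or above this value.
        // 7.0 is the usual "High" cut-off; the value here is an assumption, not a Geode policy.
        failBuildOnCVSS = 7.0

        // False positives and accepted risks are recorded in a reviewed suppression file
        // rather than by lowering the threshold. Path is an assumption.
        suppressionFile = "${rootProject.projectDir}/etc/owasp/suppressions.xml"

        // HTML for humans, JSON/XML for tooling that consumes the report.
        format = 'ALL'
        outputDirectory = "${buildDir}/reports/dependency-check"

        // Configurations that never ship (annotation processors, compile-only) are skipped
        // so the scan reflects the runtime classpath of the released artifacts.
        skipConfigurations = ['annotationProcessor', 'compileOnly']

        analyzers {
            // The .NET assembly analyzer needs mono; disable it on a pure-JVM build.
            assemblyEnabled = false
        }
    }
}

// Gate the standard verification lifecycle on the aggregated scan so `gradle check`
// (and therefore CI) cannot pass with a known vulnerable dependency on the classpath.
check.dependsOn dependencyCheckAggregate
```

Run `./gradlew dependencyCheckAggregate` to produce one report covering all subprojects; the first run downloads the NVD data feed into the plugin's data directory, so CI should cache that directory or schedule `dependencyCheckUpdate` to keep the feed current. Because matching is by CPE, expect some false positives, and record each suppression with a note explaining why the finding does not apply rather than raising `failBuildOnCVSS`.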