You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nutch.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/10/24 09:00:00 UTC
[jira] [Commented] (NUTCH-2668) Integrate OWASP dependency checks
as ant target
[ https://issues.apache.org/jira/browse/NUTCH-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661959#comment-16661959 ]
ASF GitHub Bot commented on NUTCH-2668:
---------------------------------------
sebastian-nagel opened a new pull request #404: NUTCH-2668 Integrate OWASP dependency checks as ant target
URL: https://github.com/apache/nutch/pull/404
- add ant target "report-vulnerabilities" to generate report
- initial suppression list to exclude false positives
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
> Integrate OWASP dependency checks as ant target
> -----------------------------------------------
>
> Key: NUTCH-2668
> URL: https://issues.apache.org/jira/browse/NUTCH-2668
> Project: Nutch
> Issue Type: Improvement
> Components: build
> Affects Versions: 2.4, 1.16
> Reporter: Sebastian Nagel
> Priority: Major
> Fix For: 2.4, 1.16
>
>
> [OWASP|http://www.owasp.org/] provides the [ant tool "dependency-check"|https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html] which lists potential vulnerabilities of library dependencies. We should integrate the generation of vulnerability reports into our build system as an optional task/target recommended to be run from time to time and especially shortly before releases are prepared.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)