You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@yetus.apache.org by "Allen Wittenauer (JIRA)" <ji...@apache.org> on 2018/08/01 17:12:00 UTC
[jira] [Comment Edited] (YETUS-441) Add a precommit check for known
CVEs from dependencies
[ https://issues.apache.org/jira/browse/YETUS-441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16565644#comment-16565644 ]
Allen Wittenauer edited comment on YETUS-441 at 8/1/18 5:11 PM:
----------------------------------------------------------------
-008:
* fixes a bug when the discovered issue doesn't have a CVE
* adds bundler-audit to the default Dockerfile for ruby gem auditing
was (Author: aw):
-008:
* fixes a bug when the discovered issue doesn't have a CVE
> Add a precommit check for known CVEs from dependencies
> ------------------------------------------------------
>
> Key: YETUS-441
> URL: https://issues.apache.org/jira/browse/YETUS-441
> Project: Yetus
> Issue Type: New Feature
> Components: Test Patch
> Reporter: Sean Busbey
> Assignee: Sean Busbey
> Priority: Major
> Fix For: 0.8.0
>
> Attachments: YETUS-441.0.patch, YETUS-441.004.patch, YETUS-441.005.patch, YETUS-441.006.patch, YETUS-441.007.patch, YETUS-441.008.patch, YETUS-441.1.patch, YETUS-441.2.patch, YETUS-441.3.patch, dependency-check-suppression.xml
>
>
> Add in a precommit test that makes use of [The OWASP Dependency Check|https://www.owasp.org/index.php/OWASP_Dependency_Check] to look for known bad dependencies.
> there's a maven plugin, ant task, and command line tool. So we should be able to build similar support to what we have for RAT.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)