You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tamaya.apache.org by "Philipp Ottlinger (JIRA)" <ji...@apache.org> on 2016/09/12 18:29:20 UTC
[jira] [Created] (TAMAYA-177) Add security improved findbugs rules
and OWASP dependency checker to Tamaya build process
Philipp Ottlinger created TAMAYA-177:
----------------------------------------
Summary: Add security improved findbugs rules and OWASP dependency checker to Tamaya build process
Key: TAMAYA-177
URL: https://issues.apache.org/jira/browse/TAMAYA-177
Project: Tamaya
Issue Type: Improvement
Components: Infrastructure
Affects Versions: 0.2-incubating
Reporter: Philipp Ottlinger
Assignee: Philipp Ottlinger
Fix For: 0.3-incubating
Since Tamaya is such a vital part of a running software it should not have too many security problems, thus:
* enable security findbugs rules - https://find-sec-bugs.github.io
* add special build profile that checks for dependencies with known CVEs (owasp dependency scanner) - https://github.com/jeremylong/DependencyCheck
to Tamaya main repo.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Re: [jira] [Created] (TAMAYA-177) Add security improved findbugs
rules and OWASP dependency checker to Tamaya build process
Posted by Werner Keil <we...@gmail.com>.
Ok, guess you're having a F2F with Anatole followed by his talk,
Hackergarten and F2F opportunity at JavaOne, so I guess we'll get in touch
over the next 7-10 days...
Cheers,
Werner
On Mon, Sep 12, 2016 at 8:41 PM, P. Ottlinger <po...@apache.org> wrote:
> Hi,
>
> Am 12.09.2016 um 20:40 schrieb Werner Keil:
> > Was there supposed to be a hangout today?
>
> Not that I'm aware of -
> it's so hot in Berlin ..... better not sit in front of the box :-)
>
> Cheers,
> Phil
>
>
Re: [jira] [Created] (TAMAYA-177) Add security improved findbugs
rules and OWASP dependency checker to Tamaya build process
Posted by "P. Ottlinger" <po...@apache.org>.
Hi,
Am 12.09.2016 um 20:40 schrieb Werner Keil:
> Was there supposed to be a hangout today?
Not that I'm aware of -
it's so hot in Berlin ..... better not sit in front of the box :-)
Cheers,
Phil
Re: [jira] [Created] (TAMAYA-177) Add security improved findbugs
rules and OWASP dependency checker to Tamaya build process
Posted by Werner Keil <we...@gmail.com>.
Was there supposed to be a hangout today?
Werner
On Mon, Sep 12, 2016 at 8:29 PM, Philipp Ottlinger (JIRA) <ji...@apache.org>
wrote:
> Philipp Ottlinger created TAMAYA-177:
> ----------------------------------------
>
> Summary: Add security improved findbugs rules and OWASP
> dependency checker to Tamaya build process
> Key: TAMAYA-177
> URL: https://issues.apache.org/jira/browse/TAMAYA-177
> Project: Tamaya
> Issue Type: Improvement
> Components: Infrastructure
> Affects Versions: 0.2-incubating
> Reporter: Philipp Ottlinger
> Assignee: Philipp Ottlinger
> Fix For: 0.3-incubating
>
>
> Since Tamaya is such a vital part of a running software it should not have
> too many security problems, thus:
> * enable security findbugs rules - https://find-sec-bugs.github.io
> * add special build profile that checks for dependencies with known CVEs
> (owasp dependency scanner) - https://github.com/jeremylong/DependencyCheck
> to Tamaya main repo.
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>