Date: Tue, 20 Feb 2018 13:24:00 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)"
To: cloudstack-issues@incubator.apache.org
Reply-To: dev@cloudstack.apache.org
Subject: [jira] [Commented] (CLOUDSTACK-10271) detect vulnerabilities in dependencies

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16370048#comment-16370048 ]

ASF GitHub Bot commented on CLOUDSTACK-10271:
---------------------------------------------

rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for owasp dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-366975836

I restarted the Travis job; if it turns out green, I will proceed and merge this one.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

> detect vulnerabilities in dependencies
> --------------------------------------
>
>                 Key: CLOUDSTACK-10271
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10271
>             Project: CloudStack
>          Issue Type: Wish
>      Security Level: Public (Anyone can view this level - this is the default.)
>            Reporter: Daan Hoogland
>            Assignee: Daan Hoogland
>            Priority: Major
>
> As a developer I want to know whether and what dependencies I am using that might harm my users. For this we need to add the OWASP dependency checker to the Maven build. It will require more than just this, but it is a good first step.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)