hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13198) Add support for OWASP's dependency-check
Date Wed, 25 May 2016 00:26:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15299226#comment-15299226
] 

Larry McCay commented on HADOOP-13198:
--------------------------------------

+1 on the patch and for putting in on the RM checklist and it being part of what is tested.
It should actually be evaluated before publishing an rc.

> Add support for OWASP's dependency-check
> ----------------------------------------
>
>                 Key: HADOOP-13198
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13198
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: build, security
>    Affects Versions: 2.6.4
>            Reporter: Mike Yoder
>            Assignee: Mike Yoder
>            Priority: Minor
>         Attachments: HADOOP-13198.001.patch, hadoop-all-dependency-check-report.html
>
>
> OWASP's Dependency-Check is a utility that identifies project
> dependencies and checks if there are any known, publicly disclosed,
> vulnerabilities.
> See https://www.owasp.org/index.php/OWASP_Dependency_Check
> This is very useful to stay on top of known vulnerabilities in third party jars. Since
it's a maven plugin it's pretty easy to drop in.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message