hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13198) Add support for OWASP's dependency-check
Date Wed, 25 May 2016 17:18:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15300455#comment-15300455
] 

Allen Wittenauer commented on HADOOP-13198:
-------------------------------------------

The inability to block out false positives, lack of CVE caching, and HTML output make this
functionality less than ideal for any sort of automated job. :(

> Add support for OWASP's dependency-check
> ----------------------------------------
>
>                 Key: HADOOP-13198
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13198
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: build, security
>    Affects Versions: 2.6.4
>            Reporter: Mike Yoder
>            Assignee: Mike Yoder
>            Priority: Minor
>             Fix For: 2.8.0
>
>         Attachments: HADOOP-13198.001.patch
>
>
> OWASP's Dependency-Check is a utility that identifies project
> dependencies and checks if there are any known, publicly disclosed,
> vulnerabilities.
> See https://www.owasp.org/index.php/OWASP_Dependency_Check
> This is very useful to stay on top of known vulnerabilities in third party jars. Since
it's a maven plugin it's pretty easy to drop in.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message