maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Heinz Marbaise (JIRA)" <j...@apache.org>
Subject [jira] [Created] (MNG-6487) Adding CVE Checks via OWASP
Date Sat, 06 Oct 2018 09:22:00 GMT
Karl Heinz Marbaise created MNG-6487:
----------------------------------------

             Summary: Adding CVE Checks via OWASP
                 Key: MNG-6487
                 URL: https://issues.apache.org/jira/browse/MNG-6487
             Project: Maven
          Issue Type: Improvement
            Reporter: Karl Heinz Marbaise


{{mvn compile org.sonatype.ossindex.maven:ossindex-maven-plugin:audit}}

Result on all modules is a CVSS-score threshold: 0.0

In contrast: IIRC the owasp dependency plugin gave several false positives.

We should consider to add this to the maven-parent to get early notifications on known CVEs.




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message