maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Heinz Marbaise (JIRA)" <>
Subject [jira] [Created] (MNG-6487) Adding CVE Checks via OWASP
Date Sat, 06 Oct 2018 09:22:00 GMT
Karl Heinz Marbaise created MNG-6487:

             Summary: Adding CVE Checks via OWASP
                 Key: MNG-6487
             Project: Maven
          Issue Type: Improvement
            Reporter: Karl Heinz Marbaise

{{mvn compile org.sonatype.ossindex.maven:ossindex-maven-plugin:audit}}

Result on all modules is a CVSS-score threshold: 0.0

In contrast: IIRC the owasp dependency plugin gave several false positives.

We should consider to add this to the maven-parent to get early notifications on known CVEs.

This message was sent by Atlassian JIRA

View raw message