tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TOMEE-2363) Introduce OWASP dependency checking in the Maven build process
Date Tue, 18 Dec 2018 10:46:00 GMT

    [ https://issues.apache.org/jira/browse/TOMEE-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16723920#comment-16723920
] 

ASF GitHub Bot commented on TOMEE-2363:
---------------------------------------

Github user radcortez commented on the issue:

    https://github.com/apache/tomee/pull/276
  
    @rzo1 that sounds great. I'll try it.


> Introduce OWASP dependency checking in the Maven build process
> --------------------------------------------------------------
>
>                 Key: TOMEE-2363
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2363
>             Project: TomEE
>          Issue Type: Improvement
>          Components: TomEE Build
>    Affects Versions: 7.0.5, 7.1.0, 8.0.0-M1
>            Reporter: Richard Zowalla
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 7.0.6, 7.1.1, 8.0.0-M2
>
>
> As discussed on the mailing list
>  
> {quote}Hey, 
>  
> any objectives against automatic checking of known, publicly disclosed 
> dependency vulnerabilities in the Maven build process (e.g. via a profile). 
>  
> I was thinking about introducing OWASP dependency checking (see 
> [https://www.owasp.org/index.php/OWASP_Dependency_Check]) in the TomEE 
> project, so we are aware of security risks introduced by (transient) 
> dependencies. 
>  
> Any thoughs on this? 
>  
> Best, 
>  
> Richard 
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message