Date: Tue, 24 Jul 2018 18:38:00 +0000 (UTC)
From: "Allen Wittenauer (JIRA)"
To: notifications@yetus.apache.org
Reply-To: dev@yetus.apache.org
Subject: [jira] [Commented] (YETUS-441) Add a precommit check for known CVEs from dependencies

[ https://issues.apache.org/jira/browse/YETUS-441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16554653#comment-16554653 ]

Allen Wittenauer commented on YETUS-441:
----------------------------------------

Before I forget, one thing I didn't do but thought about was adding an entry to the test table (the one that shows the specific tests that failed) that lists the specific bits that dep check is complaining about. We can either do that now or commit this and make that a followup.

> Add a precommit check for known CVEs from dependencies
> ------------------------------------------------------
>
>                 Key: YETUS-441
>                 URL: https://issues.apache.org/jira/browse/YETUS-441
>             Project: Yetus
>          Issue Type: New Feature
>          Components: Test Patch
>            Reporter: Sean Busbey
>            Assignee: Sean Busbey
>            Priority: Major
>         Attachments: YETUS-441.0.patch, YETUS-441.004.patch, YETUS-441.1.patch, YETUS-441.2.patch, YETUS-441.3.patch, dependency-check-suppression.xml
>
>
> Add in a precommit test that makes use of [The OWASP Dependency Check|https://www.owasp.org/index.php/OWASP_Dependency_Check] to look for known bad dependencies.
> There's a maven plugin, ant task, and command line tool. So we should be able to build similar support to what we have for RAT.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
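The comment above asks for the test table to list the specific findings that dependency-check complains about, rather than only a pass/fail vote. The following is an added example, not code from the Yetus project or from anyone in this thread, of how a precommit step could reduce a dependency-check report to such entries. It is written in Python rather than the shell that Yetus test-patch plugins use, because the work is report parsing. It assumes the JSON report layout that dependency-check writes (`dependencies[].fileName` and `dependencies[].vulnerabilities[].{name,severity}`), that the project's dependency-check-suppression.xml has already been reduced to a set of CVE ids to ignore, and a severity threshold in the spirit of the plugin's fail-on-severity setting. The sample report is constructed and its CVE identifiers are placeholders.

```python
"""Summarize an OWASP Dependency-Check JSON report for a precommit vote table.

Added example; not part of Apache Yetus or the YETUS-441 patches.
Assumptions: the report fields used below (dependencies[].fileName,
dependencies[].vulnerabilities[].name / .severity), a suppression list
already flattened to CVE ids, and a severity threshold for the vote.
"""
import json

# Severity labels dependency-check uses, ranked so findings can be ordered
# and compared against a threshold.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report (placeholder artifact names and CVE ids).
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-parser-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-00001", "severity": "HIGH"},
             {"name": "CVE-0000-00002", "severity": "MEDIUM"},
         ]},
        {"fileName": "example-logging-2.3.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-00003", "severity": "LOW"},
         ]},
        # A clean dependency has no "vulnerabilities" key at all.
        {"fileName": "example-clean-4.5.jar"},
    ]
})


def findings(report_text, suppressed=frozenset()):
    """Flatten the report into (fileName, cve, severity) triples.

    Findings whose CVE id is in ``suppressed`` are dropped; that set stands
    in for the project's suppression file (assumption: it has been reduced
    to CVE ids before this is called). Result is sorted worst-first.
    """
    report = json.loads(report_text)
    rows = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            cve = vuln.get("name", "")
            if cve in suppressed:
                continue
            severity = str(vuln.get("severity", "UNKNOWN")).upper()
            rows.append((dep.get("fileName", "?"), cve, severity))
    rows.sort(key=lambda r: (-SEVERITY_RANK.get(r[2], 0), r[0], r[1]))
    return rows


def vote(report_text, threshold="MEDIUM", suppressed=frozenset()):
    """Return (vote, table_lines).

    vote is -1 when any unsuppressed finding is at or above ``threshold``
    (assumption: mirrors a fail-on-severity policy), otherwise +1.
    table_lines are one entry per finding, ready for the test table.
    """
    rows = findings(report_text, suppressed)
    floor = SEVERITY_RANK[threshold.upper()]
    failed = any(SEVERITY_RANK.get(sev, 0) >= floor for _, _, sev in rows)
    table_lines = ["%s: %s (%s)" % row for row in rows]
    return (-1 if failed else 1), table_lines


if __name__ == "__main__":
    result, lines = vote(SAMPLE_REPORT, threshold="MEDIUM")
    print("vote:", result)
    for line in lines:
        print("  " + line)
```

Keeping the per-finding lines separate from the vote lets the table show exactly which artifact and CVE triggered a -1, while suppressed ids still disappear from both the vote and the listing, so a reviewer can see that a suppression is in effect rather than that the scan found nothing.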