[ https://issues.apache.org/jira/browse/TOMEE-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Wiesner updated TOMEE-2363:
----------------------------------
    Fix Version/s: 8.0.0-M2
                   7.1.1
                   7.0.6

> Introduce OWASP dependency checking in the Maven build process
> --------------------------------------------------------------
>
>                 Key: TOMEE-2363
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2363
>             Project: TomEE
>          Issue Type: Improvement
>          Components: TomEE Build
>    Affects Versions: 7.0.5, 7.1.0, 8.0.0-M1
>            Reporter: Richard Zowalla
>            Priority: Minor
>             Fix For: 7.0.6, 7.1.1, 8.0.0-M2
>
>
> As discussed on the mailing list
>
> {quote}Hey,
>
> any objectives against automatic checking of known, publicly disclosed
> dependency vulnerabilities in the Maven build process (e.g. via a profile).
>
> I was thinking about introducing OWASP dependency checking (see
> [https://www.owasp.org/index.php/OWASP_Dependency_Check]) in the TomEE
> project, so we are aware of security risks introduced by (transient)
> dependencies.
>
> Any thoughts on this?
>
> Best,
>
> Richard
> {quote}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)