Thank you, I agree this is very important. Does anyone know of a similar tool
for Python and Go?

On Thu, Feb 28, 2019 at 8:26 AM Etienne Chauchot <[email protected]>
wrote:

> Hi guys,
>
> I came across this [1] Gradle plugin, which is a client to the Sonatype OSS
> Index CVE database.
>
> I have set it up here in a branch [2], though the cache is not configured
> and the number of requests is limited. It can be run with "gradle --info
> audit".
>
> It could be nice to have something like this to track the CVEs in the libs
> we use. I know we have been spammed by automatic lib-upgrade requests in
> the past, but CVEs are more important IMHO.
>
> This plugin is under the BSD-3-Clause license, which is compatible with the
> Apache V2 licence [3].
>
> WDYT?
>
> Etienne
>
> [1] https://github.com/OSSIndex/ossindex-gradle-plugin
> [2] https://github.com/echauchot/beam/tree/cve_audit_plugin
> [3] https://www.apache.org/legal/resolved.html
>
