Hi, all,

currently you can run the OWASP dependency check plugin against your projects.

Though, this seems to make security more or less optional: unaware or
lightheaded teams could miss this.

What if a package repository integrated with this dependency checking
and issued a warning, say a special HTTP response code or a header?

Then Maven would raise the warning in the console log, like "this
component is known to have CVE-XYZ! Consider upgrading".

What do you think?
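As an added illustration, not part of the original post, of how the check can be made non-optional with the tooling that exists today: the OWASP dependency-check Maven plugin can be bound to every build and told to fail it above a CVSS threshold. The plugin version and the threshold of 7 are assumed placeholder choices.

```xml
<!-- Added example, not from the original post: bind the OWASP dependency-check
     plugin to the build (the check goal runs in the verify phase by default)
     and fail the build on high-severity findings instead of only reporting.
     PLUGIN_VERSION is a placeholder; the threshold of 7 is an assumed value. -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>PLUGIN_VERSION</version>
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <!-- CVSS score (0-10) at or above which the build fails;
         omitting this leaves the scan as a report that teams can ignore -->
    <failBuildOnCVSS>7</failBuildOnCVSS>
  </configuration>
</plugin>
```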
