If you want the package repository to add the header, you will need to make 
your request to Sonatype (Nexus) and JFrog (Artifactory).


> On Mar 6, 2018, at 4:12 AM, Peter Muryshkin <murysh...@gmail.com> wrote:
> Hi, all,
> currently you can run OWASP dependency check plugin against your projects.
> Though, this seems to make security more or less optional: unaware or
> lightheaded teams could miss this.
> What if a package repository would integrate with this dependency checking
> and issue a warning, say a special HTTP response code or a header?
> Then, Maven would raise the warning in the console log, like "this
> component is known to have CVE-XYZ! consider upgrading"
> What do you think?
