If you want the package repository to add the header, you will need to make 
your request to Sonatype (Nexus) and JFrog (Artifactory).

Chas

> On Mar 6, 2018, at 4:12 AM, Peter Muryshkin <murysh...@gmail.com> wrote:
> 
> Hi, all,
> 
> Currently you can run the OWASP dependency check plugin against your projects.
> 
> Though, this seems to make security more or less optional: unaware or
> lightheaded teams could miss this.
> 
> What if a package repository would integrate with this dependency checking
> and issue a warning, say a special HTTP response code or a header?
> 
> Then, Maven would raise the warning in the console log, like "this
> component is known to have CVE-XYZ! consider upgrading"
> 
> What do you think?
