[ https://issues.apache.org/jira/browse/TOBAGO-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15152396#comment-15152396 ]
Mike Kienenberger commented on TOBAGO-1532:
-------------------------------------------
Only partially related, but have you looked at integrating find-sec-bugs into
the build process? It's an external plugin for findbugs.
http://find-sec-bugs.github.io/
OWASP TOP 10 and CWE coverage
Extensive references are given for each bug pattern with references to OWASP
Top 10 and CWE.
> Adding CVE check of OWASP to the release process
> ------------------------------------------------
>
> Key: TOBAGO-1532
> URL: https://issues.apache.org/jira/browse/TOBAGO-1532
> Project: MyFaces Tobago
> Issue Type: Improvement
> Components: Build
> Reporter: Udo Schnurpfeil
> Assignee: Udo Schnurpfeil
> Priority: Minor
>
> There is a tool from OWASP to check for known security problems in dependent
> libraries.
> See https://www.owasp.org/index.php/OWASP_Dependency_Check