Hi dev@,

This is a heads-up that I have created a project titled "Security vulnerability reduction for the Apache Nutch Web crawler project" which will be taken on within USC's CSCI 401 senior computer science capstone program. A very brief description is below for anyone interested.

This project will achieve two things:

1. Vulnerability reduction: use existing tools (NUTCH-2840) to detect publicly disclosed security vulnerabilities associated with the project’s dependencies and establish a strategy for upgrading those dependencies.
2. Automate dependency management: implement a Dependabot-like capability which creates pull requests to keep the project dependencies secure and up-to-date.

For those that use Dependabot (https://dependabot.com/), I'm sure you will agree that it makes life a lot easier. It does not, however, provide any checkers for projects using Apache Ant as the build lifecycle tool. We will implement adequate checking for Ant builds and maybe even donate the tool to Dependabot... who knows.

lewismc

