Go for it.

Jon

On Thu, Dec 13, 2018 at 9:10 AM Richard Zowalla <[email protected]> wrote:

> Hey,
>
> any objectives against automatic checking of known, publicly disclosed
> dependency vulnerabilities in the Maven build process (e.g. via a profile)?
>
> I was thinking about introducing OWASP dependency checking (see
> https://www.owasp.org/index.php/OWASP_Dependency_Check) in the TomEE
> project, so we are aware of security risks introduced by (transient)
> dependencies.
>
> Any thoughts on this?
>
> Best,
>
> Richard
