David Brosius created MRM-2040:
----------------------------------
Summary: Add search by hash
Key: MRM-2040
URL: https://issues.apache.org/jira/browse/MRM-2040
Project: Archiva
Issue Type: Improvement
Components: search
Affects Versions: 2.2.7
Reporter: David Brosius
Dependency Check is a tool that looks for vulnerabilities in a product and its
dependencies.
[https://github.com/jeremylong/DependencyCheck]
To perform its work, it needs to take a local artifact, calculate its hash,
then look up the maven coordinates for that artifact based on the hash in the
maven repository in force. It then uses those coordinates to look up CVE
information for this artifact.
To support artifacts in Archiva, it would be needed that Archiva allow
searching for artifacts based on SHA hash.
Dependency Check has an Analyzer interface that is implemented in various ways
(NexusAnalyzer) if you want to see how they do the search there. This ticket is
the ask just to support the hash search end point.
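The hash-to-coordinates step the ticket describes, as an added sketch that is not code from Archiva or Dependency Check: it indexes a Maven-layout directory by SHA-1 and resolves a local file to its coordinates. SHA-1, the function names, and the `org.example:demo-lib:1.2.3` sample are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha1_of(path):
    """Stream the file so large artifacts are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def coordinates_from_path(repo_root, artifact):
    """Derive (groupId, artifactId, version) from the standard Maven layout:
    <group/as/dirs>/<artifactId>/<version>/<artifactId>-<version>[-classifier].<ext>"""
    parts = artifact.relative_to(repo_root).parts
    if len(parts) < 4:
        return None
    *group, artifact_id, version, filename = parts
    if not filename.startswith(f"{artifact_id}-{version}"):
        return None  # file does not belong to this artifact directory
    return ".".join(group), artifact_id, version

def build_hash_index(repo_root):
    """Map SHA-1 hex digest -> coordinates for every .jar under repo_root."""
    repo_root = Path(repo_root)
    index = {}
    for jar in sorted(repo_root.rglob("*.jar")):
        gav = coordinates_from_path(repo_root, jar)
        if gav is not None:
            index[sha1_of(jar)] = gav
    return index

def lookup(index, local_artifact):
    """Return coordinates for a local file, or None when the hash is unknown."""
    return index.get(sha1_of(local_artifact))

def demo():
    # Constructed sample repository and files (placeholder bytes, not real jars).
    with tempfile.TemporaryDirectory() as tmp:
        version_dir = Path(tmp, "repo", "org", "example", "demo-lib", "1.2.3")
        version_dir.mkdir(parents=True)
        (version_dir / "demo-lib-1.2.3.jar").write_bytes(b"constructed jar bytes")
        renamed = Path(tmp, "renamed.jar")  # same bytes under another name
        renamed.write_bytes(b"constructed jar bytes")
        unknown = Path(tmp, "unknown.jar")  # bytes the repository never saw
        unknown.write_bytes(b"other bytes")
        index = build_hash_index(Path(tmp, "repo"))
        return lookup(index, renamed), lookup(index, unknown)
```

A file whose bytes match resolves to its coordinates regardless of its local name, while any modified or unpublished artifact returns `None` and so cannot be matched to CVE data by this route.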