[jira] [Created] (MPOM-210) Adding CVE Checks via OWASP

Karl Heinz Marbaise (JIRA) Sat, 06 Oct 2018 11:00:13 -0700

Karl Heinz Marbaise created MPOM-210:
----------------------------------------


             Summary: Adding CVE Checks via OWASP
                 Key: MPOM-210
                 URL: https://issues.apache.org/jira/browse/MPOM-210
             Project: Maven POMs
          Issue Type: Improvement
          Components: maven
    Affects Versions: MAVEN-33
            Reporter: Karl Heinz Marbaise
             Fix For: MAVEN-34


We should add a configuration for CVS checks for example via OWASP maven plugin.

I think the first step should be add at least an entry in pluginManagement:

{code}
    <plugin>
              <groupId>org.owasp</groupId>
              <artifactId>dependency-check-maven</artifactId>
              <version>3.3.2</version>
  </plugin>
{code}

The other parts would be to add an entry for:

https://github.com/sonatype/ossindex-maven

which is not a good idea at the moment, cause it does not support JDK 10...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (MPOM-210) Adding CVE Checks via OWASP

Reply via email to