[ https://issues.apache.org/jira/browse/MNG-6487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17625749#comment-17625749 ]
ASF GitHub Bot commented on MNG-6487:
-------------------------------------
mthmulders commented on PR #858:
URL: https://github.com/apache/maven/pull/858#issuecomment-1295081209
I think this should go to [maven-parent](https://github.com/apache/maven-parent).
> Adding CVE Checks via OWASP
> ---------------------------
>
> Key: MNG-6487
> URL: https://issues.apache.org/jira/browse/MNG-6487
> Project: Maven
> Issue Type: Improvement
> Reporter: Karl Heinz Marbaise
> Priority: Critical
>
> {{mvn compile org.sonatype.ossindex.maven:ossindex-maven-plugin:audit}}
> Result on all modules is a CVSS-score threshold: 0.0
> In contrast: IIRC the OWASP dependency plugin gave several false positives.
> We should consider adding this to the maven-parent to get early notifications
> on known CVEs.