[
https://issues.apache.org/jira/browse/YETUS-441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16481340#comment-16481340
]
Allen Wittenauer commented on YETUS-441:
----------------------------------------
Rather than require the other jenkins job, is there any reason we can't also
leverage the custom maven repo (if defined)?
owasp-dependency-check-cache.sh:
Minor nit.
It would be great if we could leverage the existing code base for some of this
stuff. As it is, curl needs to be in the PATH, the absolute path has some edge
cases it will break on, etc, etc.
> Add a precommit check for known CVEs from dependencies
> ------------------------------------------------------
>
> Key: YETUS-441
> URL: https://issues.apache.org/jira/browse/YETUS-441
> Project: Yetus
> Issue Type: New Feature
> Components: Test Patch
> Reporter: Sean Busbey
> Assignee: Sean Busbey
> Priority: Major
> Attachments: YETUS-441.0.patch, YETUS-441.1.patch, YETUS-441.2.patch,
> YETUS-441.3.patch, dependency-check-suppression.xml
>
>
> Add in a precommit test that makes use of [The OWASP Dependency
> Check|https://www.owasp.org/index.php/OWASP_Dependency_Check] to look for
> known bad dependencies.
> there's a maven plugin, ant task, and command line tool. So we should be able
> to build similar support to what we have for RAT.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
