[ 
https://issues.apache.org/jira/browse/YETUS-441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16481485#comment-16481485
 ] 

Sean Busbey commented on YETUS-441:
-----------------------------------

bq.  Rather than require the other jenkins job, is there any reason we can't 
also leverage the custom maven repo (if defined)?

I'm not following. How will a maven repo come into play?

bq. It would be great if we could leverage the existing code base for some of 
this stuff. As it is, curl needs to be in the PATH, the absolute path has some 
edge cases it will break on, etc, etc.

Yeah I was thinking about doing this. Wasn't sure it would be worth the 
overhead. I'll see if I can find time next week.

> Add a precommit check for known CVEs from dependencies
> ------------------------------------------------------
>
>                 Key: YETUS-441
>                 URL: https://issues.apache.org/jira/browse/YETUS-441
>             Project: Yetus
>          Issue Type: New Feature
>          Components: Test Patch
>            Reporter: Sean Busbey
>            Assignee: Sean Busbey
>            Priority: Major
>         Attachments: YETUS-441.0.patch, YETUS-441.1.patch, YETUS-441.2.patch, 
> YETUS-441.3.patch, dependency-check-suppression.xml
>
>
> Add in a precommit test that makes use of [The OWASP Dependency 
> Check|https://www.owasp.org/index.php/OWASP_Dependency_Check] to look for 
> known bad dependencies.
> There's a maven plugin, ant task, and command line tool. So we should be able 
> to build similar support to what we have for RAT.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
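The gating half of the check the issue description asks for, written out as an added example (not Yetus code and not the Dependency-Check tool's own code): run Dependency-Check, read its JSON report, drop findings on a reviewed suppression list, and turn anything at or above a CVSS threshold into the -1 a test-patch plugin would report. The report layout is modelled on Dependency-Check's JSON output (a top-level "dependencies" list whose entries carry a "vulnerabilities" list with "name", "severity" and CVSS blocks); the exact field names are an assumption here and should be checked against the report your tool version writes. The sample report and the CVE-style identifiers in it are constructed placeholders, not real advisories, and the suppression set stands in for the tool's own suppression XML (the dependency-check-suppression.xml attached to this issue), which in practice you would hand to the tool directly.

```python
"""Precommit gate over an OWASP Dependency-Check JSON report (added example).

Not Yetus or Dependency-Check code. Field names below follow the tool's JSON
report as an assumption; verify them against the report your version emits.
"""
import json
from typing import List, Tuple

# Constructed sample report. The identifiers are placeholders, not real CVEs.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "lib-a-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-0001", "severity": "CRITICAL",
              "cvssv3": {"baseScore": 9.8}},
             {"name": "CVE-0000-0002", "severity": "LOW",
              "cvssv2": {"score": 2.1}},
         ]},
        {"fileName": "lib-b-2.3.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-0003", "severity": "HIGH",
              "cvssv3": {"baseScore": 7.5}},
         ]},
        # A clean dependency: the report simply has no "vulnerabilities" key.
        {"fileName": "lib-c-0.9.jar"},
    ]
})


def cvss_score(vuln: dict) -> float:
    """Prefer the CVSS v3 base score, fall back to v2, else 0.0 (unscored)."""
    v3 = vuln.get("cvssv3") or {}
    if "baseScore" in v3:
        return float(v3["baseScore"])
    v2 = vuln.get("cvssv2") or {}
    if "score" in v2:
        return float(v2["score"])
    return 0.0


def findings(report_json: str, fail_on_cvss: float,
             suppressed: set) -> List[Tuple[str, str, float]]:
    """Return (dependency, vuln id, score) for every finding that should block.

    A finding blocks when its id is not on the reviewed suppression list and
    its score reaches fail_on_cvss. Unscored entries score 0.0, so they block
    only when the threshold is 0.0 ("fail on any finding").
    """
    report = json.loads(report_json)
    out: List[Tuple[str, str, float]] = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []) or []:
            vid = vuln.get("name", "")
            if vid in suppressed:
                continue  # reviewed and accepted (suppression file equivalent)
            score = cvss_score(vuln)
            if score >= fail_on_cvss:
                out.append((dep.get("fileName", "?"), vid, score))
    return out


def precommit_vote(report_json: str, fail_on_cvss: float = 7.0,
                   suppressed=frozenset()) -> Tuple[str, List[str]]:
    """Produce the +1/-1 verdict and detail lines a test-patch plugin reports."""
    bad = findings(report_json, fail_on_cvss, set(suppressed))
    detail = [f"{dep}: {vid} (CVSS {score})" for dep, vid, score in bad]
    return ("-1" if bad else "+1"), detail


if __name__ == "__main__":
    # Hypothetical invocation of the real tool would precede this, e.g.
    # dependency-check with --format JSON and a suppression file; here we
    # read the constructed report instead so the script runs offline.
    vote, lines = precommit_vote(SAMPLE_REPORT, fail_on_cvss=7.0,
                                 suppressed={"CVE-0000-0003"})
    print(vote)
    for line in lines:
        print(line)
```

The threshold and the suppression set are the two knobs a project has to agree on before the vote is useful: a suppression entry should only ever be added with a note explaining why the finding does not apply, otherwise the list turns into a way to silence the check rather than a record of reviewed false positives.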