[jira] [Commented] (YETUS-441) Add a precommit check for known CVEs from dependencies

Sean Busbey (JIRA) Sat, 19 May 2018 17:35:05 -0700

    [ 
https://issues.apache.org/jira/browse/YETUS-441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16481813#comment-16481813
 ]


Sean Busbey commented on YETUS-441:
-----------------------------------

oh what the hell the bintray URL isn't even HTTPS.

> Add a precommit check for known CVEs from dependencies
> ------------------------------------------------------
>
>                 Key: YETUS-441
>                 URL: https://issues.apache.org/jira/browse/YETUS-441
>             Project: Yetus
>          Issue Type: New Feature
>          Components: Test Patch
>            Reporter: Sean Busbey
>            Assignee: Sean Busbey
>            Priority: Major
>         Attachments: YETUS-441.0.patch, YETUS-441.1.patch, YETUS-441.2.patch, 
> YETUS-441.3.patch, dependency-check-suppression.xml
>
>
> Add in a precommit test that makes use of [The OWASP Dependency 
> Check|https://www.owasp.org/index.php/OWASP_Dependency_Check] to look for 
> known bad dependencies.
> there's a maven plugin, ant task, and command line tool. So we should be able 
> to build similar support to what we have for RAT.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (YETUS-441) Add a precommit check for known CVEs from dependencies

Reply via email to