gt; http://twitter.com/jlouismonteiro
> > >> http://www.tomitribe.com
> > >>
> > >>
> > >> On Thu, Dec 13, 2018 at 10:10 AM Richard Zowalla >
> > >> wrote:
> > >>
> > >>> Hey,
> > >>>
>
luable contribution
> >> --
> >> Jean-Louis Monteiro
> >> http://twitter.com/jlouismonteiro
> >> http://www.tomitribe.com
> >>
> >>
> >> On Thu, Dec 13, 2018 at 10:10 AM Richard Zowalla
> >> wrote:
> >>
> >>>
disclosed
> dependency vulnerabilities in the Maven build process (e.g. via a profile).
>
> I was thinking about introducing OWASP dependency checking (see
> https://www.owasp.org/index.php/OWASP_Dependency_Check) in the TomEE
> project, so we are aware of security risks introduced by (t
Hey,
any objectives against automatic checking of known, publicly disclosed
dependency vulnerabilities in the Maven build process (e.g. via a profile).
I was thinking about introducing OWASP dependency checking (see
https://www.owasp.org/index.php/OWASP_Dependency_Check) in the TomEE