See responses inline. > -----Original Message----- > From: Jack O'Connor [mailto:jackoc...@verizon.net] > Sent: Monday, November 26, 2018 9:11 PM > To: users@maven.apache.org > Subject: [maven] Security Questions - Maven > > Hello, > > > > My company is considering using Apache Maven but I need some answers to > some > security questions. I hope someone out there can help me out. > > > > 1) Is the software compliant with U.S. Federal Information Processing > Standard (FIPS) 140-2? >
You will need to use a compliant or certified JRE/JDK configuration. Maven inherits the status of the JVM. > 2) Is any third party software bundled with the software? Please refer to the lib directory for all 3rd party libraries. There are no third party executables. > > 3) Can the software export security related audit trails to external > collection systems, such as syslog or ArcSight? Yes, you will need to ensure the logging properties are configured to do so. > > 5) Are user accounts required or optional? > Not applicable. > > > Thank you! > > > > Jack --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org