Hi guys,

I came across this [1] Gradle plugin, which is a client for the Sonatype OSS Index CVE
database.

I have set it up here in a branch [2], though the cache is not configured and
the number of requests is limited. It can be run with "gradle --info audit".

It would be nice to have something like this to track the CVEs in the libs we
use. I know we have been spammed by automatic lib upgrade requests in the past,
but CVEs are more important IMHO.

This plugin is under the BSD-3-Clause licence, which is compatible with the Apache v2 licence [3].

WDYT?

Etienne

[1] https://github.com/OSSIndex/ossindex-gradle-plugin
[2] https://github.com/echauchot/beam/tree/cve_audit_plugin
[3] https://www.apache.org/legal/resolved.html
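
Added example (editor's illustration, not code from the post, from the ossindex-gradle-plugin or from the Beam branch): what a dependency CVE audit against Sonatype OSS Index has to do once the dependency list is known. It runs offline on a constructed component report; the per-request coordinate limit of 128 is an assumption about the OSS Index v3 REST API and is kept as a parameter, and the artifacts, finding ids and CVSS scores in the sample are made up, not real audit results.

```python
"""Added example, not code from the post, the ossindex-gradle-plugin or the
Beam branch: what a dependency CVE audit against Sonatype OSS Index has to
do once the dependency list is known.  Runs offline on a constructed sample."""
import json
from typing import Dict, List

# Assumption: the OSS Index v3 REST API (the database the plugin queries)
# accepts at most 128 coordinates per component-report request, so a large
# dependency graph has to be split into batches.  Kept as a parameter so it
# can be changed if the service changes the limit.
MAX_COORDINATES_PER_REQUEST = 128


def to_purl(group: str, artifact: str, version: str) -> str:
    """Turn a Maven GAV into the package-URL coordinate form OSS Index uses."""
    return f"pkg:maven/{group}/{artifact}@{version}"


def batch_requests(coordinates: List[str],
                   limit: int = MAX_COORDINATES_PER_REQUEST) -> List[dict]:
    """Split the coordinates into request bodies, each under the per-request
    limit.  Every batch is one HTTP call, which is what gets rate limited."""
    if limit < 1:
        raise ValueError("limit must be positive")
    return [{"coordinates": coordinates[i:i + limit]}
            for i in range(0, len(coordinates), limit)]


def summarize(report: List[dict], min_cvss: float = 7.0) -> Dict[str, List[dict]]:
    """Map each coordinate to the vulnerabilities scoring at least min_cvss.
    Clean components and low-scoring findings are dropped, so the result is
    exactly the set a build gate would act on."""
    findings: Dict[str, List[dict]] = {}
    for component in report:
        vulns = [v for v in component.get("vulnerabilities", [])
                 if float(v.get("cvssScore", 0.0)) >= min_cvss]
        if vulns:
            findings[component["coordinates"]] = vulns
    return findings


def should_fail(findings: Dict[str, List[dict]], fail_on_error: bool = True) -> bool:
    """Build-gate decision: fail when anything survived the CVSS filter,
    unless the audit is configured to report only."""
    return fail_on_error and bool(findings)


# Constructed sample in the shape of a v3 component-report reply.  The
# artifacts, ids and scores are made up for the example, not real results.
SAMPLE_REPORT = json.loads("""[
  {"coordinates": "pkg:maven/org.example/lib-a@1.0.0",
   "vulnerabilities": [
     {"id": "example-finding-1", "title": "constructed critical finding",
      "cvssScore": 9.8},
     {"id": "example-finding-2", "title": "constructed low finding",
      "cvssScore": 3.1}]},
  {"coordinates": "pkg:maven/org.example/lib-b@2.3.1", "vulnerabilities": []}
]""")


if __name__ == "__main__":
    deps = [to_purl("org.example", "lib-a", "1.0.0"),
            to_purl("org.example", "lib-b", "2.3.1")]
    print(f"{len(batch_requests(deps))} request(s) for {len(deps)} dependencies")
    findings = summarize(SAMPLE_REPORT)
    for coord, vulns in findings.items():
        for v in vulns:
            print(f"{coord}: {v['title']} (CVSS {v['cvssScore']})")
    print("build should fail:", should_fail(findings))
```

The CVSS threshold and the fail/report-only switch are the two knobs a team usually argues about when wiring an audit into CI: a low threshold with fail-on-error turns every new advisory into a red build, a report-only run keeps the build green but only helps if someone reads the output.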
