On 27 February 2014 21:17, Bernd Eckenfels <[email protected]> wrote:
> Hello Mark,
>
> Just wanted to point you to a redhat project which I recently discovered, as
> it seems to have potential for this (even if the approach is not the most
> decentralized one):
>
> The Victims Database maps JAR Signatures to known vulnerabilities, if this is
> extended with maven coordinates it would be a real helpful static analysis
> tool for build time.
>
Sonatype were (are) looking at doing something similar with the data from Central.
