[
https://issues.apache.org/jira/browse/NUTCH-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661959#comment-16661959
]
ASF GitHub Bot commented on NUTCH-2668:
---------------------------------------
sebastian-nagel opened a new pull request #404: NUTCH-2668 Integrate OWASP
dependency checks as ant target
URL: https://github.com/apache/nutch/pull/404
- add ant target "report-vulnerabilities" to generate report
- initial suppression list to exclude false positives
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Integrate OWASP dependency checks as ant target
> -----------------------------------------------
>
> Key: NUTCH-2668
> URL: https://issues.apache.org/jira/browse/NUTCH-2668
> Project: Nutch
> Issue Type: Improvement
> Components: build
> Affects Versions: 2.4, 1.16
> Reporter: Sebastian Nagel
> Priority: Major
> Fix For: 2.4, 1.16
>
>
> [OWASP|http://www.owasp.org/] provides the [ant tool
> "dependency-check"|https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html]
> which lists potential vulnerabilities of library dependencies. We should
> integrate the generation of vulnerability reports into our build system as an
> optional task/target recommended to be run from time to time and especially
> shortly before releases are prepared.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
