[ https://issues.apache.org/jira/browse/NUTCH-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661965#comment-16661965 ]
Sebastian Nagel commented on NUTCH-2668:
----------------------------------------
Attached the reports for the current master (1.x) and 2x branch. Help on
completing the suppression list is welcome; so far I've added only one
vulnerability, which applies only to tika-server and not to tika-core or
tika-parsers, which are used in Nutch.
> Integrate OWASP dependency checks as ant target
> -----------------------------------------------
>
> Key: NUTCH-2668
> URL: https://issues.apache.org/jira/browse/NUTCH-2668
> Project: Nutch
> Issue Type: Improvement
> Components: build
> Affects Versions: 2.4, 1.16
> Reporter: Sebastian Nagel
> Priority: Major
> Fix For: 2.4, 1.16
>
> Attachments: 1x-dependency-check-report.html,
> 1x-dependency-check-vulnerability.html, 2x-dependency-check-report.html,
> 2x-dependency-check-vulnerability.html
>
>
> [OWASP|http://www.owasp.org/] provides the [ant tool
> "dependency-check"|https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html]
> which lists potential vulnerabilities of library dependencies. We should
> integrate the generation of vulnerability reports into our build system as an
> optional task/target recommended to be run from time to time and especially
> shortly before releases are prepared.
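A sketch of the kind of optional Ant target the issue describes, added here as an illustration; it is not taken from the Nutch build or from any patch attached to the issue. The property names, directory locations and the suppression file name are placeholders chosen for the example.

```xml
<!-- Added illustration, not Nutch's build.xml. Assumed names: the properties
     depcheck.home, depcheck.libs, depcheck.report.dir, depcheck.fail.cvss and
     the file dependency-check-suppressions.xml are placeholders. -->
<project name="depcheck-example" default="dependency-check" basedir=".">

  <!-- Unpacked dependency-check-ant distribution (placeholder location). -->
  <property name="depcheck.home" location="${user.home}/tools/dependency-check-ant"/>
  <!-- Directory holding the resolved library jars to scan (placeholder). -->
  <property name="depcheck.libs" location="lib"/>
  <property name="depcheck.report.dir" location="dependency-check-reports"/>
  <!-- 11 is above the CVSS maximum of 10, so by default the run only reports.
       Override with -Ddepcheck.fail.cvss=7 to make a pre-release run fail. -->
  <property name="depcheck.fail.cvss" value="11"/>

  <path id="depcheck.classpath">
    <pathelement location="${depcheck.home}/dependency-check-ant.jar"/>
    <fileset dir="${depcheck.home}/lib" includes="*.jar"/>
  </path>

  <!-- No other target depends on this one, so it runs only when requested. -->
  <target name="dependency-check"
          description="Report known vulnerabilities in library dependencies">
    <taskdef resource="dependency-check-taskdefs.properties"
             classpathref="depcheck.classpath"/>
    <mkdir dir="${depcheck.report.dir}"/>
    <!-- The suppression file lists reviewed false positives, for example a
         finding that applies to a sibling artifact the project does not ship. -->
    <dependency-check projectname="${ant.project.name}"
                      reportoutputdirectory="${depcheck.report.dir}"
                      reportformat="ALL"
                      failbuildoncvss="${depcheck.fail.cvss}"
                      suppressionfile="dependency-check-suppressions.xml">
      <fileset dir="${depcheck.libs}" includes="**/*.jar"/>
    </dependency-check>
  </target>
</project>
```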