+1 Great!
On 1/28/21 3:55 AM, Lewis John McGibbney wrote:
Hi dev@,
This is a heads up that I have created a project titled "Security vulnerability
reduction for the Apache Nutch Web crawler project" which will be taken on within
USC's CSCI 401 senior computer science capstone program. A very brief description is
below for anyone interested.
This project will achieve two things:
1. Vulnerability reduction: use existing tools (NUTCH-2840) to detect
publicly disclosed security vulnerabilities associated with the project’s
dependencies and establish a strategy for upgrading those dependencies.
2. Automate dependency management: implement a Dependabot-like capability
which creates pull requests to keep the project dependencies secure and
up-to-date.
For those that use Dependabot (https://dependabot.com/), I'm sure you will
agree that it makes life a lot easier. It does not, however, provide any checkers
for projects using Apache Ant as the build lifecycle tool. We will implement
adequate checking for Ant builds and maybe even donate the tool to
Dependabot... who knows.
lewismc