[ https://issues.apache.org/jira/browse/ZOOKEEPER-3256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16752744#comment-16752744 ]
Enrico Olivelli commented on ZOOKEEPER-3256:
--------------------------------------------

interesting that this CVE is against ZooKeeper itself

[https://nvd.nist.gov/vuln/detail/CVE-2016-5017]

I think that the Ant task is not processing the whole set of dependencies and the artifacts themselves

> Enable OWASP checks to Maven build
> -----------------------------------
>
>                 Key: ZOOKEEPER-3256
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3256
>             Project: ZooKeeper
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Enrico Olivelli
>            Assignee: Enrico Olivelli
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.6.0, 3.5.5, 3.4.14
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Port OWASP check task to the Maven build, the suppressionsFile is the same as the ANT task
> use this command to run the check:
> {code:java}
> mvn org.owasp:dependency-check-maven:aggregate
> {code}
>
> ant based counterpart is:
> {code:java}
> ant owasp
> {code}

--
This message was sent by Atlassian JIRA (v7.6.3#76005)