[
https://issues.apache.org/jira/browse/ZOOKEEPER-3256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16752744#comment-16752744
]
Enrico Olivelli commented on ZOOKEEPER-3256:
--------------------------------------------
interesting that this CVE is against ZooKeeper itself
[https://nvd.nist.gov/vuln/detail/CVE-2016-5017]
I think that the Ant task is not processing the whole set of dependencies and
the artifacts themselves
> Enable OWASP checks to Maven build
> -----------------------------------
>
> Key: ZOOKEEPER-3256
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3256
> Project: ZooKeeper
> Issue Type: Sub-task
> Components: security
> Reporter: Enrico Olivelli
> Assignee: Enrico Olivelli
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.6.0, 3.5.5, 3.4.14
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Port OWASP check task to the Maven build, the suppressionsFile is the same as
> the ANT task
> use this command to run the check:
> {code:java}
> mvn org.owasp:dependency-check-maven:aggregate{code}
>
> ant based counterpart is:
> {code:java}
> ant owasp{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
