[
https://issues.apache.org/jira/browse/CLOUDSTACK-10271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16355361#comment-16355361
]
ASF GitHub Bot commented on CLOUDSTACK-10271:
---------------------------------------------
rafaelweingartner commented on issue #2446: CLOUDSTACK-10271 maven plugin for
owasp dependency check added
URL: https://github.com/apache/cloudstack/pull/2446#issuecomment-363748671
because it might start breaking our builds and then we will have to fix it?
I wonder if this report will be something like the Coverity report that we
had or even the sonar report that we had (do we still have them?) that people
just ignore.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> detect vulnerabilities in depndencies
> -------------------------------------
>
> Key: CLOUDSTACK-10271
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10271
> Project: CloudStack
> Issue Type: Wish
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Daan Hoogland
> Assignee: Daan Hoogland
> Priority: Major
>
> As a developer I want to know whether and what dependencies I am using that
> might harm my users. For this we need to add the owasp dependency checker to
> the maven build. It will require more then just this but it is a good first
> step.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
