[ https://issues.apache.org/jira/browse/GEODE-5098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16441565#comment-16441565 ]
Praveendra Singh commented on GEODE-5098:
-----------------------------------------

This is something we should leverage in all Apache Open Source systems.

> Integrate OWASP Dependency Check for known vulnerabilities
> ----------------------------------------------------------
>
>                 Key: GEODE-5098
>                 URL: https://issues.apache.org/jira/browse/GEODE-5098
>             Project: Geode
>          Issue Type: Improvement
>          Components: build
>            Reporter: Praveendra Singh
>            Priority: Major
>
> Given the sensitivity of the Geode system, we would like to avoid any
> vulnerable dependencies sneaking into the final product. One way to be a little
> defensive is to leverage OWASP Dependency-Check. There are paid services
> (e.g. Veracode) in the market; however, the OWASP tool gives results which are very
> close to the commercial services.
>
> h2. OWASP Dependency-Check
>
> Dependency-Check is a utility that identifies project dependencies and checks
> if there are any known, publicly disclosed, vulnerabilities.
>
> ref: [https://www.owasp.org/index.php/OWASP_Dependency_Check]

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
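The kind of build integration the issue proposes, as an added example that is not part of this JIRA thread and not Geode's own build script: a Gradle configuration for the OWASP dependency-check-gradle plugin that fails the build when a dependency carries a known vulnerability above a chosen severity. The plugin version placeholder, the CVSS threshold and the suppression-file path are assumptions.

```groovy
// build.gradle (root project) -- added example, not Geode's build script.
// Assumes the OWASP dependency-check-gradle plugin (plugin id
// org.owasp.dependencycheck). Version, threshold and file path are assumptions.
plugins {
    id 'org.owasp.dependencycheck' version '<PLUGIN_VERSION>'
}

dependencyCheck {
    // Fail the build when any dependency has a publicly disclosed
    // vulnerability with a CVSS score at or above this value (assumed threshold).
    // Without this, the scan only produces a report and never blocks a release.
    failBuildOnCVSS = 7

    // Reviewed false positives go into a version-controlled suppression file
    // (assumed path) so every exception is visible in code review rather than
    // silently disabled on a developer machine.
    suppressionFile = 'config/owasp/dependency-check-suppressions.xml'

    // Produce every report format: HTML for humans, JSON/XML for CI tooling.
    format = 'ALL'
}
```

For a multi-module project, `./gradlew dependencyCheckAggregate` scans all subprojects' resolved dependencies in one pass and writes the report under `build/reports/`; `dependencyCheckAnalyze` does the same for a single project. The first run downloads the NVD data feed, so a CI job should cache that database between runs, and each entry in the suppression file should carry a `<notes>` element explaining why the finding does not apply, so the exception can be re-evaluated when the dependency is upgraded.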