Excellent enhancement; thank you Brian & Sonatype.

> Report issues or ideas here:
> https://github.com/sonatype/ossindex-maven/issues

As requested I submitted my feedback as an RFE
(https://github.com/sonatype/ossindex-maven/issues/10) to report possible
fixes on the vulnerabilities.

Regards,
Matthieu

On Thu, Jul 26, 2018 at 2:55 AM Brian Fox <bri...@sonatype.com> wrote:

> You probably know Sonatype for our work in the Maven community, Nexus
> Repository Manager, and for hosting Central. You may not know that for
> the last 7 years we've also been leading the way in solutions that
> allow developers to innovate faster and be able to improve security,
> license compliance and architecture at the same time.
>
> For years the primary domain for these concerns has been large
> enterprises and/or governance teams. We're seeing a new trend along
> with the #devsecops movement that brings concerns like the security
> posture of a 3rd party component into the forefront of concerns for
> developers. To further empower that trend, we've updated and
> relaunched OSS Index with the mission to provide information and APIs
> to the community -for free- to use in raising the security bar for
> everyone.
>
> Out of the box you can find a plugin to assess and optionally fail
> your build if components contain known vulnerabilities. If you're a
> fan of the Maven Enforcer Plugin, there's a rule for you too. I
> encourage you to check it out and if you're so inclined, grab the REST
> API and integrate it into your favorite tool.
>
> https://ossindex.sonatype.org
>
> Find the Maven Plugin docs here:
> https://sonatype.github.io/ossindex-maven/maven-plugin/
>
> Find the Enforcer Plugin usage here:
> https://sonatype.github.io/ossindex-maven/enforcer-rules/
>
> Report issues or ideas here:
> https://github.com/sonatype/ossindex-maven/issues
