@dlg99 dlg99 commented Jan 19, 2022

Descriptions of the changes in this PR:

Added OWASP dependency-check plugin to gradle build (maven is due for removal so I ignored it)

Motivation

Run dependency check to detect CVEs/dependencies that need upgrade.

Changes

Updated gradle build files.

To run:

./gradlew clean build -x microbenchmarks:checkstyleMain -x spotbugsTest -x signDistTar -x test dependencyCheckAggregate

See build/reports/dependency-check-report.html for results.

Current summary:

Dependencies Scanned: 360 (359 unique)
Vulnerable Dependencies: 65
Vulnerabilities Found: 174
Vulnerabilities Suppressed: 0
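As an added example (not the PR's own diff), a root build.gradle fragment wiring up the OWASP dependency-check Gradle plugin the way the description above uses it, so that dependencyCheckAggregate produces the HTML report and a suppression file can silence confirmed false positives. The plugin version, the suppression-file path and the jetcd/etcd CPE mapping in the comment are assumptions, not values from this PR.

```groovy
// Root build.gradle (example only). Apply the plugin once in the root project;
// dependencyCheckAggregate then scans every subproject's dependency graph.
plugins {
    id 'org.owasp.dependencycheck' version 'x.y.z'   // PLACEHOLDER: pin a released version
}

dependencyCheck {
    // Fail the build when any finding has a CVSS score at or above this value.
    // Start high while triaging a large backlog, then lower it as findings are fixed.
    failBuildOnCVSS = 9.0f

    // Build-only tooling is not shipped, so leave it out of the scan.
    skipConfigurations = ['checkstyle', 'spotbugs']

    // Where build/reports/dependency-check-report.html (and JSON for CI) are written.
    formats = ['HTML', 'JSON']

    // Confirmed misdetections are recorded here with a justification (assumed path).
    suppressionFile = 'buildtools/dependency-check-suppressions.xml'

    analyzers {
        assemblyEnabled = false   // no .NET assemblies in this build; avoids a mono dependency
        nodeEnabled = false       // no npm packages to analyse
    }
}

// Shape of one entry in the suppression file. Matching by packageUrl plus the
// wrongly assigned CPE keeps the suppression narrow: the Java client is not the
// etcd server, so etcd server CVEs do not apply to it (assumed example).
//
//   <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
//     <suppress>
//       <notes>jetcd is a client library; CPE etcd:etcd refers to the server.</notes>
//       <packageUrl regex="true">^pkg:maven/io\.etcd/jetcd.*$</packageUrl>
//       <cpe>cpe:/a:etcd:etcd</cpe>
//     </suppress>
//   </suppressions>
```

Run `./gradlew dependencyCheckAggregate` and review the report before adding any suppression; a suppression should name the CPE or CVE it covers and why it does not apply, never a whole artifact without a note.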

@dlg99 dlg99 marked this pull request as draft January 20, 2022 01:17
@dlg99 dlg99 marked this pull request as ready for review January 20, 2022 04:11
@nicoloboschi nicoloboschi left a comment
Great work!

After that we should add the check in the CI

@eolivelli eolivelli left a comment

+1

@eolivelli eolivelli merged commit 036fc1f into apache:master Jan 27, 2022
StevenLuMT pushed a commit to StevenLuMT/bookkeeper that referenced this pull request Feb 16, 2022
* Added OWASP dependency-check
* Suppress ETCD-related misdetections
Ghatage pushed a commit to sijie/bookkeeper that referenced this pull request Jul 12, 2024
* Added OWASP dependency-check
* Suppress ETCD-related misdetections