OWASP Dependency Checker for backend security #8191
Comments
Well I stay on my comments to #6329 :) |
Indeed @gmarziou you are right |
Sounds like a perfect use case for good old modules imho too.
On Thu, Aug 30, 2018, 16:12 Julien Dubois ***@***.***> wrote:
Indeed @gmarziou <https://github.com/gmarziou> you are right
Then, as I had quite a lot of trouble to set up those tools for one of my
clients (and with a good configuration it works great!), maybe we should
rather do a documentation page?
|
@gmarziou sorry, I should have searched for an existing issue before creating this one. You've got more experience on that topic. So go for a doc. Should we fix the current identified CVEs? |
Yes |
OK then I'm closing this as there won't be anything coded here, just a new documentation page. -> @danielpetisme if you want to do it, just duplicate a simple page and write the markdown, I know it's hard to test and integrate so if you have issues on those don't worry I will fix that. The most important thing is the content itself. |
Should I create a new page or could I continue this one https://www.jhipster.tech/security/ |
@danielpetisme this is worth a specific page, it's quite big. And of course we can link it to the other pages |
Overview of the feature request
Add OWASP dependency checker in Maven and Gradle builds
Motivation for or Use Case
This PR is inspired by the Devoxx FR talk "Sécurité des applications Web les bons réflexes à avoir" (E. Lenoir).
Security is always underestimated. Thanks to this talk, I've discovered easy-to-set-up tools. The aim of this PR is to provide a security dependency checker for the generated projects.
I've made some tests and found CVEs on the sample projects.
Related issues or PR