OWASP Dependency Checker for backend security #8191

Closed
1 task done
danielpetisme opened this issue Aug 30, 2018 · 8 comments
@danielpetisme
Member

danielpetisme commented Aug 30, 2018

Overview of the feature request

Add OWASP dependency checker in Maven and Gradle builds

Motivation for or Use Case

This PR is inspired by the Devoxx FR talk "Sécurité des applications Web les bons réflexes à avoir" (E. Lenoir).

Security is always underestimated; thanks to this talk I've discovered easy-to-set-up tools. The aim of this PR is to provide a security dependency checker for the generated projects.

I've made some tests and found CVEs on the sample projects.

Related issues or PR
  • Checking this box is mandatory (this is just to show you read everything)
@gmarziou
Contributor

Well, I stand by my comments on #6329 :)

@jdubois
Member

jdubois commented Aug 30, 2018

Indeed @gmarziou, you are right.
Then, as I had quite a lot of trouble setting up those tools for one of my clients (and with a good configuration it works great!), maybe we should rather do a documentation page?

@atomfrede
Member

atomfrede commented Aug 30, 2018 via email

@danielpetisme
Member Author

@gmarziou sorry, I should have searched for an existing issue before creating this one.

You've got more experience on that topic. So go for a doc.

Should we fix the currently identified CVEs?

@gmarziou
Contributor

> Should we fix the current identified CVEs?

Yes

@jdubois
Member

jdubois commented Aug 30, 2018

OK, then I'm closing this as there won't be anything coded here, just a new documentation page.

-> @danielpetisme if you want to do it, just duplicate a simple page and write the markdown. I know it's hard to test and integrate, so if you have issues with those, don't worry, I will fix that. The most important thing is the content itself.

@jdubois jdubois closed this as completed Aug 30, 2018
@danielpetisme
Member Author

Should I create a new page, or could I continue this one: https://www.jhipster.tech/security/ ?

@jdubois
Member

jdubois commented Aug 30, 2018

@danielpetisme this is worth a specific page, it's quite big. And of course we can link it to the other pages.

@jdubois jdubois added this to the 5.3.0 milestone Sep 3, 2018