Skip to content
Identify vulnerable libraries in Maven dependencies
Java HTML
Branch: master
Clone or download
h3xstream Merge pull request #3 from seanf/patch-1
Update groupId for Maven badge
Latest commit 16882bc Apr 3, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
demos Demonstration files (screenshots + dummy project for testing) Nov 4, 2015
src
.gitignore First draft of the plugin. Jul 15, 2015
.travis.yml Attempt to fix travis-ci no longer working with JDK 7 Oct 24, 2017
README.md Update groupId for Maven badge Apr 3, 2018
pom.xml added release plugin to ossrh profile Nov 24, 2017

README.md

Maven Security Versions Build Status Maven Central

Identify vulnerable libraries in Maven dependencies.

The plugin is based on versions-maven-plugin. It use the victims database has source for CVEs and Maven artifact mapping.

Usage

> mvn com.redhat.victims.maven:security-versions:check
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Demo Insecure Project 1.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- security-versions:1.0.2:check (default-cli) @ demo-insecure-project ---
[INFO] Analyzing the dependencies for com.h3xstream.test:demo-insecure-project
[INFO] Syncing with the victims repository (based on the atom feed)
[INFO] Downloading: https://github.com/victims/victims-cve-db/commits.atom
[INFO] Already to the latest version.
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0094
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0112
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0113
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0116
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-7809
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2013-2186
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2014-0050
[ERROR] com.thoughtworks.xstream:xstream is vulnerable to CVE-2013-7285
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.200 s
[INFO] Finished at: 2015-11-03T22:30:48-05:00
[INFO] Final Memory: 13M/194M
[INFO] ------------------------------------------------------------------------

Licenses

You can’t perform that action at this time.