stream-registry

OWASP Dependency Vulnerability Scanner

Open • OneCricketeer opened this issue 5 years ago • 1 comment

Desired Behavior

Dependency vulnerabilities should be known at build-time.

https://www.owasp.org/index.php/OWASP_Dependency_Check

Maven coördinates

<dependency>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>4.0.1</version>
  <type>maven-plugin</type>
</dependency>

Benefits

  • Safer run-time environments
  • Trusted builds & releases

OneCricketeer, Dec 20 '18 05:12
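
One way to wire the coordinates above into a build so that findings break it at build time. This is an added example, not part of the original issue or the project's own pom.xml; the CVSS threshold of 7 and the report format are assumed values.

```xml
<!-- Added example: place inside <build><plugins> of the project's pom.xml -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>4.0.1</version>
  <configuration>
    <!-- Assumed threshold: fail the build when any dependency has a
         known vulnerability with a CVSS score of 7 or higher -->
    <failBuildOnCVSS>7</failBuildOnCVSS>
    <!-- Assumed choice: write every report format so both people (HTML)
         and CI tooling (XML/JSON) can consume the results -->
    <format>ALL</format>
  </configuration>
  <executions>
    <execution>
      <goals>
        <!-- Scans the resolved dependencies of this module -->
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>
```

The `check` goal binds to the `verify` phase by default, so `mvn verify` runs the scan and fails the build when the threshold is met.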

Or https://github.com/apps/sonatype-depshield

Ref - https://blog.sonatype.com/the-rise-of-dependency-scanners

OneCricketeer, Dec 20 '18 06:12