[java] Automate vulnerability checks

Open jromero opened this issue 5 years ago • 2 comments

I'm worried that we'll have trouble keeping the example app up-to-date, but I don't think that should block this.

If we can't auto depend on latest fixes maybe we could setup a vetting process on the apps that run as part of CI as well. Something like OWASP dependency check: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html

Originally posted by @jromero in https://github.com/buildpack/samples/pull/35#issuecomment-534564032

jromero avatar Sep 24 '19 13:09 jromero

@jromero Is this still a priority?

ameyer-pivotal avatar Mar 11 '20 15:03 ameyer-pivotal

Yes, I think it's worth adding and given that the LOW is relatively low I think it makes sense to still do.

Actions:

  • Add dependency check to java app
  • Ensure that it runs as part of build and/or CI

jromero avatar Mar 11 '20 18:03 jromero
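As an added illustration of the two action items above (not code from the buildpack/samples repository), this is a minimal Gradle build script wiring in the OWASP dependency-check plugin so the build fails when a dependency has a known CVE at or above a chosen CVSS score; the plugin version and the suppression-file path are placeholders to fill in for the actual app.

```groovy
// build.gradle for the Java sample app (added example, not the project's own file).
// The plugin id and the `dependencyCheck` extension are the real OWASP plugin's;
// the version string and suppression file path are placeholders.
plugins {
    id 'java'
    id 'org.owasp.dependencycheck' version '<plugin-version>' // replace with a pinned release
}

repositories {
    mavenCentral()
}

dependencyCheck {
    // Fail the build when any dependency carries a vulnerability with CVSS >= 7.0
    // (High/Critical). Lower the threshold to be stricter; 11 would never fail.
    failBuildOnCVSS = 7.0f

    // Reviewed false positives go here so the CI gate stays green without
    // silently ignoring real findings. Path is a placeholder.
    suppressionFile = 'config/dependency-check-suppressions.xml'
}

// Make `./gradlew check` (and therefore CI) run the scan, so the vulnerability
// gate is part of the normal build rather than a separate manual step.
tasks.named('check') {
    dependsOn 'dependencyCheckAnalyze'
}
```

In CI this means a plain `./gradlew build` is enough to enforce the gate, and the HTML report the task writes under `build/reports/` can be archived as a build artifact for triage.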