mailing list archives
Security in open source components
From: Grant Murphy <gmurphy () redhat com>
Date: Fri, 28 Sep 2012 09:10:44 +1000
I don't have the original mail but some time ago a thread on this list
mentioned this article:
It might be of interest to you that the Red Hat Security Response Team
has put together a database containing fingerprints of vulnerable Maven
artifacts. We have just recently released a Maven Enforcer rule that
scans a projects dependencies against the entries in this database.
An example of the configuration options and the source code is available
Try it out. I would be interested to get your feedback.
Grant Murphy | Red Hat Product Security Team
Description: OpenPGP digital signature
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
- Security in open source components Grant Murphy (Sep 28)