Secure Coding
mailing list archives
Security in open source components
From: Grant Murphy <gmurphy () redhat com>
Date: Fri, 28 Sep 2012 09:10:44 +1000
I don't have the original mail but some time ago a thread on this list
mentioned this article:
http://www.sonatype.com/Products/Why-Sonatype/Reduce-Security-Risk/Security-Brief
It might be of interest to you that the Red Hat Security Response Team
has put together a database containing fingerprints of vulnerable Maven
artifacts. We have just recently released a Maven Enforcer rule that
scans a project's dependencies against the entries in this database.
An example of the configuration options and the source code is available
here:
https://github.com/gcmurphy/enforce-victims-rule
Try it out. I would be interested to get your feedback.
Regards,
Grant Murphy | Red Hat Product Security Team
Attachment:
signature.asc
Description: OpenPGP digital signature
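The scan the message describes, fingerprints of a project's dependencies compared against a database of known-vulnerable artifacts, worked through as an added Python example. This is not the enforce-victims-rule code and not the Red Hat database; the record layout (a SHA-512 fingerprint of the whole artifact, or Maven coordinates plus the first fixed version), the placeholder advisory ids, and every jar and database entry below are constructed for the example. The only piece taken from real Maven practice is that jars built by Maven carry a `pom.properties` under `META-INF/maven/<groupId>/<artifactId>/`, which the scanner reads to recover coordinates.

```python
"""Fingerprint-based dependency scan, in the spirit of the enforcer rule
announced above. Added example with constructed data; not the
enforce-victims-rule code and not Red Hat's database.

Assumptions made for this example: a database record carries either a
SHA-512 fingerprint of a known-vulnerable artifact or Maven coordinates
plus the first fixed version; advisory ids are placeholders.
"""
import hashlib
import io
import zipfile

# Fixed timestamp so the constructed jars are byte-for-byte reproducible.
_FIXED_TIME = (1980, 1, 1, 0, 0, 0)


def build_jar(group_id, artifact_id, version, payload=b"constructed class bytes"):
    """Construct an in-memory jar with the pom.properties that Maven-built
    jars carry under META-INF/maven/<groupId>/<artifactId>/ (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        entries = {
            "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n",
            f"META-INF/maven/{group_id}/{artifact_id}/pom.properties":
                f"groupId={group_id}\nartifactId={artifact_id}\nversion={version}\n",
            f"{artifact_id}.class": payload,
        }
        for name, data in entries.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=_FIXED_TIME), data)
    return buf.getvalue()


def fingerprint(jar_bytes):
    """SHA-512 of the whole artifact: matches only the exact published bytes."""
    return hashlib.sha512(jar_bytes).hexdigest()


def coordinates(jar_bytes):
    """Return (groupId, artifactId, version) from the embedded pom.properties,
    or None when the jar carries no Maven metadata."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                props = {}
                for line in zf.read(name).decode("utf-8").splitlines():
                    if line and not line.startswith("#") and "=" in line:
                        key, _, value = line.partition("=")
                        props[key.strip()] = value.strip()
                return props.get("groupId"), props.get("artifactId"), props.get("version")
    return None


def version_key(version):
    """Comparison key for plain dotted versions (2.10 > 2.9). Simplification:
    Maven's real ordering also handles qualifiers such as -SNAPSHOT or -beta."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())


# Constructed database. Placeholder ids stand in for real advisory numbers.
# The first record's fingerprint is taken from the constructed "vulnerable
# release"; a real database would record the hash of the published artifact.
VULN_DB = [
    {"id": "VULN-PLACEHOLDER-1",
     "sha512": fingerprint(build_jar("org.example", "widget", "1.2.0"))},
    {"id": "VULN-PLACEHOLDER-2",
     "groupId": "org.example", "artifactId": "gadget", "fixed_in": "2.0.3"},
]


def scan(dependencies, database):
    """dependencies: {file name: jar bytes}. Returns (name, id, reason) findings."""
    findings = []
    for name, data in dependencies.items():
        digest = fingerprint(data)
        coords = coordinates(data)
        for entry in database:
            if entry.get("sha512") == digest:
                findings.append((name, entry["id"], "fingerprint match"))
            elif (coords is not None
                  and (coords[0], coords[1]) == (entry.get("groupId"), entry.get("artifactId"))
                  and version_key(coords[2]) < version_key(entry["fixed_in"])):
                findings.append((name, entry["id"],
                                 f"version {coords[2]} is below fixed version {entry['fixed_in']}"))
    return findings


def enforce(dependencies, database):
    """Enforcer semantics: the build passes only when nothing matched."""
    return not scan(dependencies, database)


# Constructed project dependencies.
SAMPLE_DEPENDENCIES = {
    "widget-1.2.0.jar": build_jar("org.example", "widget", "1.2.0"),  # exact vulnerable bytes
    "widget-1.2.0-rebuilt.jar": build_jar("org.example", "widget", "1.2.0",
                                           payload=b"rebuilt from source"),  # same coords, other bytes
    "gadget-2.0.1.jar": build_jar("org.example", "gadget", "2.0.1"),  # older than fixed version
    "gadget-2.0.3.jar": build_jar("org.example", "gadget", "2.0.3"),  # the fixed release
    "other-0.9.jar": build_jar("com.example", "other", "0.9"),        # not in the database
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_DEPENDENCIES, VULN_DB):
        print("VULNERABLE:", *finding)
    print("build passes:", enforce(SAMPLE_DEPENDENCIES, VULN_DB))
```

Run stand-alone, the scan flags `widget-1.2.0.jar` by fingerprint and `gadget-2.0.1.jar` by version, and `enforce()` returns `False`, which is the point at which an enforcer rule would fail the build. The rebuilt widget jar shows the limit of hash-only records: it has the same coordinates as the vulnerable release but different bytes, so it matches nothing, which is why a coordinate-plus-version record is the complement to a fingerprint and why the version comparison here would need Maven's full ordering rules before being relied on for qualifiers.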
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________