Secure Coding mailing list archives
Security in open source components
From: Grant Murphy <gmurphy () redhat com>
Date: Fri, 28 Sep 2012 09:10:44 +1000
I don't have the original mail but some time ago a thread on this list mentioned this article:

http://www.sonatype.com/Products/Why-Sonatype/Reduce-Security-Risk/Security-Brief

It might be of interest to you that the Red Hat Security Response Team has put together a database containing fingerprints of vulnerable Maven artifacts. We have just recently released a Maven Enforcer rule that scans a project's dependencies against the entries in this database. An example of the configuration options and the source code is available here:

https://github.com/gcmurphy/enforce-victims-rule

Try it out. I would be interested to get your feedback.

Regards,
Grant Murphy | Red Hat Product Security Team