fluo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] ctubbsii commented on issue #1046: Please add OWASP Dependency Check to the build (pom.xml)
Date Wed, 15 Aug 2018 04:56:04 GMT
ctubbsii commented on issue #1046: Please add OWASP Dependency Check to the build (pom.xml)
URL: https://github.com/apache/fluo/issues/1046#issuecomment-413094178
   This has been on my personal TODO list for some time, and is a good idea for informational
purposes. However, be aware that Fluo does not (generally) bundle dependencies in the project,
so the CVEs that affect any given individual and their dependency set depends not on what
Fluo has declared in its POM, but on what the user decides to install on their system during
their own dependency-integration and packaging phases of their particular Fluo deployment.
CVE analysis on the dependencies in Fluo's POMs only tells you what is vulnerable in the versions
we're developing against, not necessarily what is vulnerable the versions in their configured
Maven repository, class path, or deployment environment. Users should be aware of that limitation
and should always be responsible for their own deployed software environments.

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

With regards,
Apache Git Services

View raw message