Date: Sun, 25 Feb 2018 19:22:15 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 226206] [New port] security/owasp-dependency-check: Detects publicly disclosed vulnerabilities in project dependencies Message-ID: <bug-226206-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D226206 Bug ID: 226206 Summary: [New port] security/owasp-dependency-check: Detects publicly disclosed vulnerabilities in project dependencies Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/jeremylong/DependencyCheck OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: andreas.sommer87@googlemail.com Created attachment 191000 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D191000&action= =3Dedit owasp-dependency-check-3.1.1 Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associ= ated CVE entries. My use case is audit of NPM/NodeJS module dependencies, but many more analy= zers are supported[0]. See also my proposal to solve NPM module audit on ports level[1]. Even thou= gh there was no interest, this tool is helpful by itself without a complex Fre= eBSD infrastructure around it. It can easily be added to any CI since it's a command-line tool. Since the build requires a maven repository, it must be provided in distfil= es when committing. It works like in archivers/snappy-java. I could provide he= lp or a script to easily create the repository from scratch, if wanted by the committer. [0] https://jeremylong.github.io/DependencyCheck/analyzers/index.html [1] https://lists.freebsd.org/pipermail/freebsd-ports/2018-February/112425.= html --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-226206-13>