Changes between Initial Version and Version 1 of Ticket #11570, comment 2


Timestamp: 2021-12-14T01:00:22+01:00 (4 years ago)
Author: taylor.smock

  • Ticket #11570, comment 2

    initial v1  
    11@Don-vip: Do you remember why you excluded `"META-INF/maven/*"`?
    22
    3 I was looking at downloading non-svn jar files and processing them to find any vulnerabilities. Some tools use the pom.xml files to parse dependencies quickly. I can use the [https://owasp.org/www-project-dependency-check/ OWASP dependency checker], which seems to check the actual file content.
     3I was looking at downloading non-svn jar files and processing them to find any vulnerabilities. Some tools use the pom.xml files to parse dependencies quickly. ~~I can use the [https://owasp.org/www-project-dependency-check/ OWASP dependency checker], which seems to check the actual file content.~~
     4
     5EDIT: It looks like the OWASP dependency checkers detects the usage of packages, but does not know the version. So it isn't very helpful without the pom files.