Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-4562

Introduce OWASP Dependency-Check

    XMLWordPrintable

Details

    • New Feature
    • Resolution: Done
    • Normal
    • 9.5.0
    • 9.0.1
    • General

    Description

      Introduce OWASP Dependency-Check to avoid security vulnerabilities.

      https://owasp.org/www-project-dependency-check/

      OWASP Dependency-Check

      Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

      Introduction

      The OWASP Top 10 2013 contains a new entry: A9-Using Components with Known Vulnerabilities. Dependency Check can currently be used to scan applications (and their dependent libraries) to identify any known vulnerable components.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. ZK-4561 upgrade google.* dependencies

          • Normal - Normal
          • Closed

          Activity

            People

              rudyhuang rudyhuang
              rudyhuang rudyhuang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 3 days
                  3d
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 5 hours Time Not Required
                  2d 5h