ZK-4562

Introduce OWASP Dependency-Check

Details

    • New Feature
    • Resolution: Done
    • Normal
    • 9.5.0
    • 9.0.1
    • General

    Description

      Introduce OWASP Dependency-Check to avoid security vulnerabilities.

      https://owasp.org/www-project-dependency-check/

      OWASP Dependency-Check

      Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

      Introduction

      The OWASP Top 10 2013 contains a new entry: A9-Using Components with Known Vulnerabilities. Dependency Check can currently be used to scan applications (and their dependent libraries) to identify any known vulnerable components.

            People

              rudyhuang rudyhuang

                Time Tracking

                  Original Estimate: 3 days
                  Remaining Estimate: 0 minutes
                  Time Spent: 2 days, 5 hours