Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-4562

Introduce OWASP Dependency-Check

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: 9.0.1
    • Fix Version/s: 9.2.0
    • Component/s: General
    • Labels:

      Description

      Introduce OWASP Dependency-Check to avoid security vulnerabilities.

      https://owasp.org/www-project-dependency-check/

      OWASP Dependency-Check

      Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

      Introduction

      The OWASP Top 10 2013 contains a new entry: A9-Using Components with Known Vulnerabilities. Dependency Check can currently be used to scan applications (and their dependent libraries) to identify any known vulnerable components.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rudyhuang rudyhuang
              Reporter:
              rudyhuang rudyhuang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 3 days
                  3d
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 5 hours Time Not Required
                  2d 5h