Hi @bossenti,
We use two tools that check our dependencies for vulnerabilities:
On the one hand, there is the OWASP Dependency-Check that we use as a Maven plugin during the check lifecycle phase. On the other hand, we have a GitHub Action using Google's OSV scanner for all our dependency systems (Maven, NPM, pip).
The OWASP Dependency-Check has recently released a new major release (9.0.0) and announced that it will stop supporting all previous versions beginning from the 15th of December. Therefore, I'd like to discuss how we want to proceed here. In my mind, I have the following options:
What do you think? Are there any other options/ideas?