[OWASP-Security101] Getting a list of high risk CVE from my local Maven repository

Richard Kolb rjdkolb at gmail.com
Wed Nov 18 08:56:54 UTC 2015


Hello,

I know there has been a lot of research on the Java libraries with common
vulnerabilities in Maven Central.

My company has a private Nexus repository where only manually selected
libraries are uploaded.

My question is, can I get a list of dependencies in my company's Nexus that
are vulnerable to high-risk common vulnerabilities?

Perhaps this can be done using the Nexus Maven repository index?

When I have a list, we can manually delete the older libraries and reduce
the possible attack surface of our company. Invaluable!

Thanks,
Richard.

