[OWASP-Security101] Getting a list of high risk CVE from my local Maven repository

Jim Manico jim.manico at owasp.org
Wed Nov 18 15:39:28 UTC 2015


Try this project

https://www.owasp.org/index.php/OWASP_Dependency_Check

On 11/18/15 2:56 AM, Richard Kolb wrote:
> Hello,
>
> I know there has been a lot of research on the Java libraries with common
> vulnerabilities in Maven Central.
>
> My company has a private Nexus repository where only manually selected are
> uploaded.
>
> My question is, can I get a list of dependencies in my company's Nexus that
> are vulnerable to high risk common vulnerabilities?
>
> Perhaps this can be done using the Nexus Maven repository index?
>
> When I have a list, we can manually delete the older libraries and reduce
> the possible attack surface of our company. Invaluable!
>
> thanks,
> Richard.

-- 
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org
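
Added example, not part of the original thread and not OWASP Dependency-Check's own code: one way to reduce a Dependency-Check JSON report to the "high risk" list the question asks for. It assumes that "high risk" means a CVSS score of 7.0 or above and that the report uses the field names shown; the library names and CVE ids in the sample are constructed placeholders.

```python
import json

# Constructed sample report, trimmed to the fields read below. Library names
# and CVE ids are placeholders; the field names are an assumption about the
# Dependency-Check JSON report layout.
SAMPLE_REPORT = json.dumps({"dependencies": [
    {"fileName": "example-lib-1.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0001", "severity": "CRITICAL",
         "cvssv2": {"score": 7.5}, "cvssv3": {"baseScore": 9.8}},
        {"name": "CVE-0000-0002", "severity": "MEDIUM",
         "cvssv2": {"score": 4.3}}]},
    {"fileName": "example-util-2.3.jar"},  # clean: no "vulnerabilities" key
    {"fileName": "example-parser-0.9.jar", "vulnerabilities": [
        {"name": "CVE-0000-0003", "severity": "HIGH"}]},  # label only, no score
]})

# Lowest CVSS score of each severity band, used when an entry has no score.
SEVERITY_FLOOR = {"CRITICAL": 9.0, "HIGH": 7.0, "MEDIUM": 4.0, "LOW": 0.1}

def best_score(vuln):
    """Highest CVSS score recorded for one vulnerability entry, or None."""
    candidates = [(vuln.get("cvssv3") or {}).get("baseScore"),
                  (vuln.get("cvssv2") or {}).get("score")]
    scores = [float(s) for s in candidates if isinstance(s, (int, float))]
    if scores:
        return max(scores)
    return SEVERITY_FLOOR.get(str(vuln.get("severity", "")).upper())

def high_risk(report_text, threshold=7.0):
    """Return (file, cve, score) tuples at or above threshold, worst first."""
    report = json.loads(report_text)
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            score = best_score(vuln)
            if score is not None and score >= threshold:
                findings.append((dep.get("fileName", "?"),
                                 vuln.get("name", "?"), score))
    return sorted(findings, key=lambda f: (-f[2], f[0], f[1]))

if __name__ == "__main__":
    for file_name, cve, score in high_risk(SAMPLE_REPORT):
        print(f"{score:4.1f}  {cve}  {file_name}")
```

The sorted output doubles as a removal worklist for the repository: each row names the artifact file to review and the finding that put it on the list.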


