If you want the package repository to add the header, you will need to make your request to Sonatype (Nexus) and JFrog (Artifactory).
Chas

> On Mar 6, 2018, at 4:12 AM, Peter Muryshkin <murysh...@gmail.com> wrote:
>
> Hi, all,
>
> currently you can run OWASP dependency check plugin against your projects.
>
> Though, this seems to make security more or less optional: unaware either
> lightheaded teams could miss this.
>
> What if a package repository would integrate with this dependency checking
> and issue a warning, say a special HTTP response code or a header?
>
> Then, Maven would raise the warning in the console log, like "this
> component is known to have CVE-XYZ! consider upgrading"
>
> What do you think?