apache / shardingsphere

Distributed SQL transaction & query engine for data sharding, scaling, encryption, and more - on any database.
Apache License 2.0

Add dependency-check-maven to shardingsphere #30848

Closed taojintianxia closed 1 week ago

taojintianxia commented 3 months ago

Feature Request

For English only, other languages will not be accepted.

Please pay attention to the issues you submit, because we may need more details. If there is no further response and we cannot make a decision based on the current information, we will close it.

Please answer these questions before submitting your issue. Thanks!

Is your feature request related to a problem?

Yes

Describe the feature you would like.

Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

I'd like to add the Maven plugin for dependency-check to shardingsphere:

<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
</plugin>

And this plugin needs an API key to download the NVD data.
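
One way the plugin declaration above could be wired up so the NVD API key stays out of the repository, as an added example that is not part of the original issue or the ShardingSphere build. The profile id, the `NVD_API_KEY` variable name, the version property, the CVSS threshold and the suppression file path are all assumptions.

```xml
<!-- Added example, not the project's own configuration. -->
<profile>
    <!-- Hypothetical profile id: keeps the scan out of ordinary developer builds. -->
    <id>dependency-check</id>
    <build>
        <plugins>
            <plugin>
                <groupId>org.owasp</groupId>
                <artifactId>dependency-check-maven</artifactId>
                <!-- Assumption: this property is defined in the parent POM. -->
                <version>${dependency-check-maven.version}</version>
                <configuration>
                    <!-- Key is read from the environment (variable name assumed),
                         so it is never committed with the POM. -->
                    <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
                    <!-- Example threshold: fail the build on any finding with CVSS >= 7. -->
                    <failBuildOnCVSS>7</failBuildOnCVSS>
                    <formats>
                        <format>HTML</format>
                        <format>JSON</format>
                    </formats>
                    <!-- CPE matching produces false positives; reviewed ones are
                         recorded in a suppression file (hypothetical path). -->
                    <suppressionFiles>
                        <suppressionFile>${maven.multiModuleProjectDirectory}/dependency-check-suppressions.xml</suppressionFile>
                    </suppressionFiles>
                </configuration>
                <executions>
                    <execution>
                        <phase>verify</phase>
                        <goals>
                            <!-- One combined report for the multi-module build. -->
                            <goal>aggregate</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</profile>
```

With `NVD_API_KEY` supplied as a CI secret, the scan runs with `mvn -Pdependency-check verify`.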

kid0510z commented 3 months ago

That will be great.

Swastyy commented 3 months ago

Hi @taojintianxia, let me know if you need any help on this issue. I have previously worked on Maven plugins for shardingsphere.