Are active scans conducted on weblegacy/struts1 to identify new vulnerabilities?

weblegacy / struts1

Struts1-Upgrade to current technology

https://weblegacy.github.io/struts1/

Apache License 2.0

31 stars 5 forks source link

Closed arjunballa closed 6 months ago

arjunballa commented 8 months ago

We are considering upgrading our legacy project using weblegacy/struts1.

We are curious if the team responsible for maintaining this project conducts active scans to identify new vulnerabilities.
Will the maintenance team address and fix any potential vulnerabilities in the future?
Can widely used market tools like Prisma scans detect vulnerabilities in this project?

ste-gr commented 8 months ago

Hello @arjunballa,

it's nice that you want to use weblegacy/struts1. I'll try to answer your questions:

Currently, GitHub security scans are being performed. Almost all of GitHub's security tools are enabled.
When I get know of any vulnerabilities I'll fix it. Of course, any contribution is welcome.
It think it's possible. Currently the scanning is done with CodeQL

Greetings Stefan

ste-gr commented 6 months ago

Hi @arjunballa,

with version 1.5.0-RC2 all currently known security vulnerabilities have been fixed.

Greetings Stefan