OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
security
security-audit
maven-plugin
jenkins-plugin
gradle-plugin
build-tool
ant-task
vulnerability-detection
software-composition-analysis
Updated Sep 16, 2020 - Java
Stash notifier sends multiple notifications when used in a multi-configuration (matrix) job. There is a risk that the PR would appear to be "approved" by Jenkins before all jobs complete, creating a window of "opportunity" to merge broken code.
A simple fix is to require a minimal number of successful builds. But it's not a reliable fix. New configurations can be added to the matrix build, ma