Might be interesting to look into adding something like OWASP Dependency-Check <https://jeremylong.github.io/DependencyCheck/> to the parent POM <https://github.com/jenkinsci/pom> and plugin parent POM <https://github.com/jenkinsci/plugin-pom>, with suppressions for existing false positives <https://jeremylong.github.io/DependencyCheck/general/suppression.html>. We could start by adding warnings to the build and then later upgrade those warnings to errors once we feel confident that most false positives have been suppressed.
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrRMVod1mNQyFvu3-RM2PUop7DbSKmMkQdsmJjQ349zvw%40mail.gmail.com.
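One way to wire the phased approach into a parent POM, as an added example that is not code from jenkinsci/pom or plugin-pom; the plugin version, the `dependency-check.failBuildOnCVSS` staging property and the suppression file path are placeholders and assumptions, and the suppression entry shown in the comment is constructed.

```xml
<!-- Added example (not from jenkinsci/pom): phased OWASP Dependency-Check in a parent POM. -->
<properties>
  <!-- placeholder: pin to the dependency-check-maven release you adopt -->
  <dependency-check.version>PLACEHOLDER_VERSION</dependency-check.version>
  <!-- phase 1: 11 is above any possible CVSS score, so findings are reported
       in the build log but never fail the build -->
  <dependency-check.failBuildOnCVSS>11</dependency-check.failBuildOnCVSS>
</properties>

<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>${dependency-check.version}</version>
      <configuration>
        <!-- phase 2: once the false positives are suppressed, lower this to e.g. 7
             (fail on high/critical) in the parent, or per build with
             mvn -Ddependency-check.failBuildOnCVSS=7 verify -->
        <failBuildOnCVSS>${dependency-check.failBuildOnCVSS}</failBuildOnCVSS>
        <suppressionFiles>
          <!-- assumed location; each consuming project keeps its own suppressions.
               A constructed entry in that file looks like:
               <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
                 <suppress>
                   <notes>CPE matches a different vendor's product, not this artifact.</notes>
                   <packageUrl regex="true">^pkg:maven/org\.example/example\-lib@.*$</packageUrl>
                   <cpe>cpe:/a:example:example</cpe>
                 </suppress>
               </suppressions>
               Always record the reason in <notes>, so a suppression can be re-evaluated later. -->
          <suppressionFile>${project.basedir}/dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
      <executions>
        <execution>
          <!-- the check goal binds to the verify phase by default -->
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Suppress by `packageUrl` plus `cpe` rather than by a bare `cve` where possible, so the suppression stays scoped to the one artifact that was misidentified instead of hiding a real finding in a different dependency.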
