Sonatype security scan
GuptaMegha opened this issue · 3 comments
Bobcat version:
2.1.0
Description
There is a critical security vulnerability discovered in the Sonatype scan for Bobcat. Because of this security issue I cannot use this framework for my AEM application.
Expected Behavior
There should not be such a high security threat.
Is there anything that could be done that will make the software secure?
Hi @GuptaMegha,
we've reviewed the remaining open issues; they were invalid in our case.
Bobcat is constantly checked by SonarCloud; you can see the results here.
Please see attached sonatype report
Bobcat-Build-20190910-140952.pdf
The issue there is related to the jQuery used in our docs site. It is not distributed along with Bobcat artifacts, so there's no need to be concerned about it. As mentioned above, the Bobcat codebase itself is checked continuously by SonarCloud - all identified issues have been addressed. You can safely use Bobcat :).