wttech/bobcat

Sonatype security scan

GuptaMegha opened this issue · 3 comments

Bobcat version:
2.1.0

Description

There is a critical security vulnerability discovered in the Sonatype scan for Bobcat. Because of this security issue I cannot use this framework for my AEM application.

Expected Behavior

There should not be such a high security threat.

Is there anything that could be done? This will make the software secure.

Hi @GuptaMegha,

We've reviewed the remaining open issues; they were invalid in our case.

Bobcat is constantly checked by SonarCloud; you can see the results here.

Hi @mkrzyzanowski

Please see the attached Sonatype report:
Bobcat-Build-20190910-140952.pdf

The issue there is related to the jQuery used in our docs site. It is not distributed along with Bobcat artifacts, so there's no need to be concerned about it. As mentioned above, the Bobcat codebase itself is checked continuously by SonarCloud - all identified issues have been addressed. You can safely use Bobcat :).