From 25805d1ef76f07be125659f4619d8f34a963d964 Mon Sep 17 00:00:00 2001 From: Brittany Istenes <50678820+BrittanyIstenes@users.noreply.github.com> Date: Wed, 9 Aug 2023 15:04:24 -0400 Subject: [PATCH] Update README.md Updated the README --- README.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 94d3428..3ac3c91 100644 --- a/README.md +++ b/README.md 
@@ -4,22 +4,20 @@ The Clean Dependency Project is Fannie Mae’s first open source project with a clear vision to provide clean OSS libraries to the products that we care about. +We started the Cleand Dependency Project to solve the problem of open source dependencies reporting a high and/or critical vulnerabilities, with a CVSS score of 9+ and no pubished fixes that patches these vulneralbilties. As our first step, we want to change these libraries to reduce the vulnerability surface area and second publish these patches publically so that others can benefit from the community work as well as contribute patches of their own. + There is an immediate concern with the consumption of OSS libraries that we rely on with no clear upgrade path. The main goal is to clean these dependencies and vulnerabilities with patch management with the most recent versions to push back upstream into our projects as well as the external community. Some of the projects and dependencies we will be working on cleaning are: -* SpringWeb -* Pandas -* SpringWeb Security -* Jackson-Databind +* springweb +* pandas +* springWeb security +* jackson-databind * snakeyaml -Versions that need updating: -* spring-web : 1.x.x – 5.x.x -* spring-security-web : 1.x.x – 5.x.x -* jackson-databind : 2.12.5 -* pandas : 1.x.x - 1.4.2 +If you would like to give back to this project, please read our [contributing guide](https://github.com/Clean-Dependency-Project/clean-dependency-project/blob/main/CONTRIBUTING.md) and visit our open issues to get started. -If you would like to give back to this project, please read our [contributing guide](https://github.com/Clean-Dependency-Project/clean-dependency-project/blob/main/CONTRIBUTING.md) and visit our open issues to get started. 
+If you would like to file an enhancement request or your own issues, please read through our [CODE OF CONDUCT](https://github.com/Clean-Dependency-Project/clean-dependency-project/blob/main/CODE_OF_CONDUCT.md) and file an issued based on type [here](https://github.com/Clean-Dependency-Project/clean-dependency-project/issues).
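Review bot: The added paragraph beginning "We started the Cleand Dependency Project" scopes the work to "high and/or critical vulnerabilities, with a CVSS score of 9+", but under CVSS v3.x a base score of 9.0 and above is Critical only (High is 7.0 to 8.9). State either "critical (CVSS 9.0+)" or "high and critical (CVSS 7.0+)" so the project's scope is unambiguous. The same paragraph and the new final line carry typos that should be fixed before merge: "Cleand", "pubished", "vulneralbilties", "publically", and "file an issued based on type". The hunk also deletes the "Versions that need updating" list, which was the only place the README stated the affected ranges (for example "jackson-databind : 2.12.5"). Consider keeping it, or linking to where those ranges are now tracked, so consumers can tell whether the version they ship is in scope. Lastly, the renamed bullets "springweb" and "springWeb security" no longer match the artifact names "spring-web" and "spring-security-web" used in the removed list; using the artifact names would keep the entries consistent and searchable.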