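Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.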
<a href="https://www.bestpractices.dev/projects/6199"><img src="https://www.bestpractices.dev/projects/6199/badge"></a>
Java implementation of the Fernet authenticated encryption specification
https://github.com/l0s/fernet-java8/blob/master/CONTRIBUTING.md
https://github.com/l0s/fernet-java8/blob/master/CODE_OF_CONDUCT.md
The project site does not authenticate users.
All older versions are retained: https://github.com/l0s/fernet-java8/releases .
Issues are tracked in GitHub: https://github.com/l0s/fernet-java8/issues .
No vulnerabilities have been reported or resolved in the last 12 months.
No native binaries are generated.
The build system does not accept custom debugging flags.
The build system correctly identifies build dependencies. Only fully independent modules can be built in a non-deterministic order. The CI system is single-threaded so execution order is deterministic.
The build system injects the time the project was built. In addition, there is no locking mechanism for transitive dependencies.
This project follows conventions for installing the library into standard JVM-based applications.
There is no installation system.
This is met by using the Maven build system. Instructions are included although it follows standard conventions.
This is done using the conventions of Maven, the package manager and build system.
This is done using both Snyk and Dependabot:
* https://github.com/l0s/fernet-java8/security/dependabot
* https://snyk.io/test/github/l0s/fernet-java8?targetFile=fernet-java8%2Fpom.xml
* https://snyk.io/test/github/l0s/fernet-java8?targetFile=fernet-jersey-auth%2Fpom.xml
* https://snyk.io/test/github/l0s/fernet-java8?targetFile=fernet-aws-secrets-manager-rotator/pom.xml
The rule sets are defined here: https://github.com/l0s/fernet-java8/blob/master/src/main/config/pmd-ruleset.xml . They include security rules as well as checks for error-prone code.
Per the Fernet Spec, this software uses AES 128 in CBC mode. However, it uses these as part of an authenticated encryption scheme. All user input is authenticated before it is decrypted. An attacker attempting to exploit CBC mode would first need to generate a payload that passes the HMAC check.
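The verify-then-decrypt order described above, as an added example that is not fernet-java8's own code: it uses only JDK classes and a hypothetical class name, and shows that a token with one flipped ciphertext bit is rejected at the HMAC check before AES-CBC runs. It assumes raw token bytes and omits the spec's base64url encoding and timestamp (TTL) check.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.*;

public class FernetOrderDemo { // hypothetical class name, not part of the project
    // Raw token: 0x80 | 8-byte big-endian timestamp | 16-byte IV | ciphertext | 32-byte HMAC-SHA256
    static byte[] hmac(byte[] signingKey, byte[] data, int len) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(signingKey, "HmacSHA256"));
        mac.update(data, 0, len);
        return mac.doFinal();
    }
    static Cipher aes(int mode, byte[] encKey, byte[] iv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(iv));
        return c;
    }
    static byte[] encrypt(byte[] signingKey, byte[] encKey, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        byte[] ct = aes(Cipher.ENCRYPT_MODE, encKey, iv).doFinal(plain);
        ByteBuffer b = ByteBuffer.allocate(25 + ct.length + 32);
        b.put((byte) 0x80).putLong(System.currentTimeMillis() / 1000).put(iv).put(ct);
        return b.put(hmac(signingKey, b.array(), 25 + ct.length)).array();
    }
    static byte[] decrypt(byte[] signingKey, byte[] encKey, byte[] token) throws GeneralSecurityException {
        int macStart = token.length - 32;
        if (macStart < 41 || (macStart - 25) % 16 != 0 || token[0] != (byte) 0x80)
            throw new GeneralSecurityException("malformed token");
        byte[] tag = Arrays.copyOfRange(token, macStart, token.length);
        if (!MessageDigest.isEqual(hmac(signingKey, token, macStart), tag)) // constant-time compare
            throw new GeneralSecurityException("HMAC mismatch"); // AES-CBC never sees unauthenticated input
        byte[] iv = Arrays.copyOfRange(token, 9, 25);
        return aes(Cipher.DECRYPT_MODE, encKey, iv).doFinal(token, 25, macStart - 25);
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32]; // constructed sample key: first half signs, second half encrypts
        new SecureRandom().nextBytes(key);
        byte[] sk = Arrays.copyOfRange(key, 0, 16), ek = Arrays.copyOfRange(key, 16, 32);
        byte[] token = encrypt(sk, ek, "constructed sample".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(sk, ek, token), StandardCharsets.UTF_8));
        token[30] ^= 0x01; // flip one ciphertext bit in the constructed token
        try { decrypt(sk, ek, token); } catch (GeneralSecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Because the tampered token fails with "HMAC mismatch" rather than a padding error, the decryptor gives a caller no padding-validity signal to probe.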