  1. Red Hat CodeReady Studio (devstudio)
  2. JBDS-4237

Generate CVE vulnerability report for devstudio


Details

    • Bug
    • Resolution: Unresolved
    • Major
    • 12.x
    • 10.3.0.AM1
    • build, versionwatch
    • None
    • devex #127 February 2017
    • 3
    • NEW

    Description

      0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip
      1. download latest CI build update site zip, target platform zip, central zip, etc.
      2. unpack update site zips
      3. unpack dep-check zip
      4. generate CVE report for each fetched zip:

      ./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project devstudio_check -o WORKSPACE/path/to/report/folder/
      

      Should use https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for better reporting and maybe even enable this on every project job (once moved to CCI Jenkins).
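
The steps above as a repeatable script, added here as an example and not part of the original issue: it unpacks each fetched zip and runs dependency-check with the flags from the issue on every plugins/ folder it finds. The `DC_SH` and `PROJECT` variables, the function names and the report folder layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue): steps 2 and 4 as one repeatable job.
set -eu

# Assumptions: DC_SH points at the unpacked dependency-check launcher (step 3);
# PROJECT defaults to the project name used in the issue.
DC_SH="${DC_SH:-./dependency-check.sh}"
PROJECT="${PROJECT:-devstudio_check}"

# Turn a zip path into a safe report sub-folder name.
report_name() {
    basename "$1" .zip | tr -c 'A-Za-z0-9._\n-' '_'
}

# Step 4 for one unpacked plugins/ folder, with the flags from the issue.
scan_plugins() {    # scan_plugins <plugins-dir> <project> <report-dir>
    [ -d "$1" ] || { echo "no plugins dir: $1" >&2; return 1; }
    mkdir -p "$3"
    "$DC_SH" --disableAssembly -s "$1" --project "$2" -o "$3"
}

# Steps 2 and 4 for one zip: unpack to a scratch dir, scan each plugins/ found.
scan_zip() (        # scan_zip <zip> <report-root>
    name=$(report_name "$1")
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    unzip -q "$1" -d "$work/x" || exit 1
    find "$work/x" -type d -name plugins -prune -print > "$work/dirs"
    [ -s "$work/dirs" ] || { echo "no plugins/ in $1" >&2; exit 1; }
    n=0
    while IFS= read -r dir; do
        n=$((n + 1))
        scan_plugins "$dir" "$PROJECT" "$2/$name/$n" || exit 1
    done < "$work/dirs"
)

# Scan every zip; keep going after a failure but report it in the exit status.
main() {            # main <report-root> <zip>...
    out=$1; shift; rc=0
    for z in "$@"; do
        scan_zip "$z" "$out" || { echo "scan failed: $z" >&2; rc=1; }
    done
    return "$rc"
}

if [ "$#" -gt 1 ]; then main "$@"; fi
```

Each zip gets its own report folder under the report root, and a zip that fails to unpack or scan makes the job exit non-zero without stopping the remaining scans.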

              People

                jmaury@redhat.com Jeff MAURY
                nickboldt Nick Boldt