Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.3.0.AM1
    • Fix Version/s: 12.x
    • Component/s: build, versionwatch
    • Labels:
      None
    • Sprint:
      devex #127 February 2017
    • Story Points:
      3
    • Docs QE Status:
      NEW

      Description

      0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip
      1. download latest CI build update site zip, target platform zip, central zip, etc.
      2. unpack update site zips
      3. unpack dep-check zip
      4. generate CVE report for each fetched zip:

      ./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project devstudio_check -o WORKSPACE/path/to/report/folder/
      

      Should use https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for better reporting and maybe even enable this on every project job (once moved to CCI Jenkins).

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  jeffmaury Jeff MAURY
                  Reporter:
                  nickboldt Nick Boldt
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated: