Red Hat CodeReady Studio (devstudio) / JBDS-4237

Generate CVE vulnerability report for devstudio


    • Bug
    • Resolution: Unresolved
    • Major
    • 12.x
    • 10.3.0.AM1
    • build, versionwatch
    • None
    • devex #127 February 2017
    • 3
    • NEW

      0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip
      1. download latest CI build update site zip, target platform zip, central zip, etc.
      2. unpack update site zips
      3. unpack dep-check zip
      4. generate CVE report for each fetched zip:

      ./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project devstudio_check -o WORKSPACE/path/to/report/folder/

      Should use https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for better reporting and maybe even enable this on every project job (once moved to CCI Jenkins).

            jmaury@redhat.com Jeff MAURY
            nickboldt Nick Boldt
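Steps 2 to 4 of the procedure above, batched over several fetched zips, as an added example that is not part of the original issue or the devstudio build. The `DEPCHECK` default path, the `reports/` and `unpacked/` folder names and all function names are assumptions; the `dependency-check.sh` flags are the ones given in the issue.

```shell
#!/bin/sh
# Added example: batch form of steps 2-4. Paths and names are assumptions.
set -u

DEPCHECK="${DEPCHECK:-./dependency-check/bin/dependency-check.sh}"  # assumed unpack location
WORKSPACE="${WORKSPACE:-$PWD}"

# Unpack one fetched zip ($1) into its own folder under $2; print that folder.
unpack_site() {
  dest="$2/$(basename "$1" .zip)"
  mkdir -p "$dest" && unzip -q -o "$1" -d "$dest" && printf '%s\n' "$dest"
}

# Scan the plugins/ folder of one unpacked site ($1) into its own report folder.
# Returns 2 when plugins/ is missing, so the site is flagged as unscanned
# rather than yielding an empty report that looks clean.
scan_site() {
  name="$(basename "$1")"
  report="$WORKSPACE/reports/$name"
  if [ ! -d "$1/plugins" ]; then
    echo "SKIP $name: no plugins/ folder" >&2
    return 2
  fi
  mkdir -p "$report"
  "$DEPCHECK" --disableAssembly -s "$1/plugins/" \
      --project devstudio_check -o "$report/"
}

# Scan every unpacked site passed as an argument. The return value is the
# number of sites skipped or failed, so a CI job fails on an incomplete run.
scan_all() {
  failed=0
  for site in "$@"; do
    scan_site "$site" || failed=$((failed + 1))
  done
  return "$failed"
}

# Entry point: sh cve-report.sh update-site.zip target-platform.zip ...
main() {
  n=$#
  for zip in "$@"; do
    site="$(unpack_site "$zip" "$WORKSPACE/unpacked")" || return 1
    set -- "$@" "$site"        # append the unpacked folder to the argument list
  done
  shift "$n"                   # drop the zip names, keep the folders
  scan_all "$@"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

A non-zero exit status means at least one fetched zip produced no report, so the overall result should not be read as a clean scan.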