Uploaded image for project: 'Red Hat CodeReady Studio (devstudio)'
  1. Red Hat CodeReady Studio (devstudio)
  2. JBDS-4237

Generate CVE vulnerability report for devstudio

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • 12.x
    • 10.3.0.AM1
    • build, versionwatch
    • None
    • devex #127 February 2017
    • 3
    • NEW

      0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip
      1. download latest CI build update site zip, target platform zip, central zip, etc.
      2. unpack update site zips
      3. unpack dep-check zip
      4. generate CVE report for each fetched zip:

      ./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project devstudio_check -o WORKSPACE/path/to/report/folder/

      Should use https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for better reporting and maybe even enable this on every project job (once moved to CCI Jenkins).

        1. CVE-report.png
          64 kB
          Nick Boldt
        2. Screenshot_2017-01-10_18-58-03.png
          6 kB
          Nick Boldt
        3. Screenshot_2017-01-10_19-04-45.png
          145 kB
          Nick Boldt

              jmaury@redhat.com Jeff MAURY
              nickboldt Nick Boldt
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: