[
https://issues.jboss.org/browse/JBDS-4631?page=com.atlassian.jira.plugin....
]
Jeff MAURY commented on JBDS-4631:
----------------------------------
*jbosstools-openshift*
Run with
{code:bash}
mvn clean package org.owasp:dependency-check-maven:3.0.2:check
{code}
against the jbosstools-openshift repo.
Only HIGH CVEs are analyzed.
||Plugin||Dependency||Comment||Action||
|org.jboss.tools.openshift.cdk.server|com.fasterxml.jackson.core.jackson-core-2.6.2.v20161117-2150.jar|Need update to Jackson 2.7.4 but not in Orbit|
| |com.google.javascript-0.0.20160315.v20161124-1903.jar|CVE mentioned com.google.gapps so I think this is a false positive|
| |org.glassfish.jersey.core.jersey-client-2.22.1.v20161103-1916.jar|CVE mentioned a problem in Oracle Client so I think this is a false positive|
| |org.apache.batik.css-1.8.0.v20170214-1941.jar|Need update to Batik 1.9 but not in Orbit|
| |org.eclipse.linuxtools.docker.editor-1.0.0.201710132200.jar|CVE mentioned Docker 1.0.0 so I think this is a false positive|
| |org.eclipse.swt.win32.win32.x86-3.106.0.v20170608-0516.jar: swt-webkit-win32-4757.dll|CVE mentioned vulnerability in WebKit which is not included -> false positive|
| |org.jboss.ide.eclipse.as.classpath.core-3.5.2.v20171114-2016.jar: cdi-api.jar|CVE mentioned Seam 2.X but cdi-api does not include Seam -> false positive|
| |org.eclipse.wst.jsdt.chromium.debug.core-0.5.300.v201705091354.jar|CVE mentioned Chromium but it is not included -> false positive|
*jbosstools-base*
The report did not show additional dependencies
*jbosstools-server*
The report did not show additional dependencies
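The comment above filters the dependency-check output by hand to HIGH findings and then sorts them into real updates versus CPE mismatches (a jar whose name matched the CPE of a product it does not actually bundle). The script below does that triage over the XML form of the report. It is an added example, not code from the ticket or from the jbosstools build: it assumes the report was generated with `-Dformat=XML` (or `ALL`) and carries `dependency`/`fileName` and `vulnerability`/`cvssScore` elements as the 3.x XML reports do; the embedded report is constructed, the jar names are the ones listed in the comment, and the CVE identifiers and scores are placeholders, not real NVD entries. The false-positive patterns and reasons are taken from the comment's own table.

```python
"""Triage an OWASP dependency-check XML report down to HIGH findings.

Added example, not part of JBDS-4631 or the jbosstools build. Assumes the
3.x XML report layout (<dependency>/<fileName>, <vulnerability>/<cvssScore>);
the SAMPLE_REPORT below is constructed and its CVE ids are placeholders.
"""
import re
import xml.etree.ElementTree as ET

# Findings at or above this CVSS v2 score are treated as HIGH (NVD convention).
HIGH_CVSS = 7.0

# Constructed report: jar names from the ticket, CVE ids/scores are placeholders.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.1.3.xsd">
  <dependencies>
    <dependency>
      <fileName>com.fasterxml.jackson.core.jackson-core-2.6.2.v20161117-2150.jar</fileName>
      <vulnerabilities>
        <vulnerability><name>CVE-0000-0001</name><cvssScore>7.5</cvssScore><severity>High</severity></vulnerability>
        <vulnerability><name>CVE-0000-0002</name><cvssScore>4.3</cvssScore><severity>Medium</severity></vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency>
      <fileName>org.eclipse.wst.jsdt.chromium.debug.core-0.5.300.v201705091354.jar</fileName>
      <vulnerabilities>
        <vulnerability><name>CVE-0000-0003</name><cvssScore>9.3</cvssScore><severity>High</severity></vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency>
      <fileName>org.apache.batik.css-1.8.0.v20170214-1941.jar</fileName>
    </dependency>
  </dependencies>
</analysis>
"""

# Jars the ticket triaged as false positives: the matched CPE belongs to a
# product that is not bundled in the jar. Keyed by a regex on the file name,
# valued with the reason recorded in the ticket so the decision stays auditable.
FALSE_POSITIVES = {
    r"^org\.eclipse\.wst\.jsdt\.chromium\.debug\.core-": "CVE is about Chromium, which is not included",
    r"^org\.eclipse\.linuxtools\.docker\.editor-": "CVE is about Docker 1.0.0, not the editor plugin",
}


def _strip_ns(tag):
    """Drop the XML namespace so the parser works across report schema versions."""
    return tag.split("}", 1)[-1]


def high_findings(report_xml, threshold=HIGH_CVSS):
    """Return [(fileName, cve, score)] for every finding with cvssScore >= threshold."""
    root = ET.fromstring(report_xml)
    out = []
    for dep in root.iter():
        if _strip_ns(dep.tag) != "dependency":
            continue
        name = next((c.text for c in dep if _strip_ns(c.tag) == "fileName"), "?")
        for vuln in dep.iter():
            if _strip_ns(vuln.tag) != "vulnerability":
                continue
            fields = {_strip_ns(c.tag): (c.text or "") for c in vuln}
            try:
                score = float(fields.get("cvssScore", ""))
            except ValueError:
                continue  # entry has no CVSS score, so it cannot be ranked
            if score >= threshold:
                out.append((name, fields.get("name", "?"), score))
    return out


def triage(report_xml, false_positives=FALSE_POSITIVES):
    """Split HIGH findings into (needs action, documented false positives)."""
    action, suppressed = [], []
    for name, cve, score in high_findings(report_xml):
        reason = next((why for pat, why in false_positives.items() if re.search(pat, name)), None)
        if reason:
            suppressed.append((name, cve, score, reason))
        else:
            action.append((name, cve, score))
    return action, suppressed


if __name__ == "__main__":
    todo, fp = triage(SAMPLE_REPORT)
    for name, cve, score in todo:
        print(f"ACTION   {score:>4}  {cve}  {name}")
    for name, cve, score, why in fp:
        print(f"IGNORED  {score:>4}  {cve}  {name}  ({why})")
```

Keeping the false-positive list in one place with the reason attached is what makes the next run of the report reviewable: a new HIGH finding on an already-triaged jar still shows up as IGNORED with its justification, while anything not covered is surfaced as ACTION. The same threshold can be enforced in the Maven build itself with the plugin's `failBuildOnCVSS` property, and the false positives carried over into a dependency-check suppression file rather than a script-side list.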
First analysis and actions for CVE vulnerabilities
--------------------------------------------------
Key: JBDS-4631
URL:
https://issues.jboss.org/browse/JBDS-4631
Project: Red Hat JBoss Developer Studio (devstudio)
Issue Type: Bug
Components: 3rd-party-dependencies
Affects Versions: 11.1.0.GA
Reporter: Jeff MAURY
Assignee: Jeff MAURY
Fix For: 11.2.0.AM3
Attachments: jbosstools-base-common-dependency-check-report.html,
jbosstools-base-foundation-dependency-check-report.html,
jbosstools-base-runtime-dependency-check-report.html,
jbosstools-base-stacks-dependency-check-report.html,
jbosstools-base-usage-dependency-check-report.html,
jbosstools-openshift-dependency-check-report.html
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)