Jeff MAURY commented on JBDS-4237:
----------------------------------
I think we should review them to distinguish:
* upstream
* JBossTools
We should create sub-task JIRAs, but I'm not sure whether they appear in the backlog or not?
However, I don't understand some of them (e.g. the pmd eclipse plugin has a report for an included pmd-php.jar, but the reported errors seem to be for the php binary, which I don't think is used).
Generate CVE vulnerability report for devstudio
-----------------------------------------------
Key: JBDS-4237
URL: https://issues.jboss.org/browse/JBDS-4237
Project: Red Hat JBoss Developer Studio (devstudio)
Issue Type: Bug
Components: build, versionwatch
Affects Versions: 10.3.0.AM1
Reporter: Nick Boldt
Assignee: Nick Boldt
Fix For: 10.3.0.AM2
Attachments: Screenshot_2017-01-10_18-58-03.png, Screenshot_2017-01-10_19-04-45.png
0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip
1. download latest CI build update site zip, target platform zip, central zip, etc.
2. unpack update site zips
3. unpack dep-check zip
4. generate CVE report for each fetched zip:
{code}
./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project devstudio_check -o WORKSPACE/path/to/report/folder/
{code}
Should use
https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for
better reporting and maybe even enable this on every project job (once moved to CCI
Jenkins).
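Once the per-zip reports exist, the follow-up work is the triage Jeff describes: splitting findings into JBossTools bundles versus upstream jars, and setting aside reviewed false positives such as the pmd-php.jar case. The script below is an added example, not code from the ticket or from dependency-check itself. It assumes the XML layout of a dependency-check report (an `analysis` root containing `dependencies`/`dependency` elements, each with a `fileName` and a `vulnerabilities`/`vulnerability` list carrying `name` and `severity`), treats the `org.jboss.tools.` bundle prefix as the marker for JBossTools-owned code (an assumption, adjust for your build), and works on a constructed sample report with placeholder CVE ids embedded inline instead of a real scan.

```python
"""Triage an OWASP dependency-check XML report into JBossTools vs upstream findings.

Added example for JBDS-4237, not part of the ticket or of dependency-check.
Assumed: the report's XML element names listed in the lead-in, and that
JBossTools bundles are recognisable by the org.jboss.tools. prefix.
"""
import xml.etree.ElementTree as ET

# Assumed bundle-name prefix that marks code owned by the JBossTools project.
JBOSSTOOLS_PREFIXES = ("org.jboss.tools.",)

# Constructed sample standing in for a real dependency-check XML report.
# CVE ids are placeholders, not real identifiers.
SAMPLE_REPORT = """<?xml version="1.0"?>
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.1.3.xsd">
  <dependencies>
    <dependency>
      <fileName>org.jboss.tools.common_3.8.0.jar</fileName>
      <vulnerabilities>
        <vulnerability><name>CVE-0000-0001</name><severity>High</severity></vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency>
      <fileName>pmd-php.jar</fileName>
      <vulnerabilities>
        <vulnerability><name>CVE-0000-0002</name><severity>Medium</severity></vulnerability>
        <vulnerability><name>CVE-0000-0003</name><severity>Low</severity></vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency>
      <fileName>org.apache.commons.io_2.2.0.jar</fileName>
      <vulnerabilities/>
    </dependency>
  </dependencies>
</analysis>
"""


def _local(tag):
    """Strip the XML namespace so the schema URI need not be hard-coded."""
    return tag.rsplit("}", 1)[-1]


def parse_report(xml_text):
    """Return [(file_name, [(cve_name, severity), ...]), ...] for every dependency."""
    root = ET.fromstring(xml_text)
    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        file_name, cves = None, []
        for child in dep:
            if _local(child.tag) == "fileName":
                file_name = (child.text or "").strip()
            elif _local(child.tag) == "vulnerabilities":
                for vuln in child:
                    if _local(vuln.tag) != "vulnerability":
                        continue
                    name = severity = ""
                    for field in vuln:
                        if _local(field.tag) == "name":
                            name = (field.text or "").strip()
                        elif _local(field.tag) == "severity":
                            severity = (field.text or "").strip()
                    cves.append((name, severity))
        if file_name:
            findings.append((file_name, cves))
    return findings


def classify(file_name):
    """Bucket a jar by ownership: JBossTools bundle or upstream dependency."""
    return "JBossTools" if file_name.startswith(JBOSSTOOLS_PREFIXES) else "upstream"


def triage(xml_text, suppressed=frozenset()):
    """Group (file, cve, severity) triples into JBossTools / upstream / suppressed.

    `suppressed` holds (file_name, cve_name) pairs already reviewed as false
    positives, the same idea as a dependency-check suppression file; they are
    reported separately rather than silently dropped, so the review stays auditable.
    """
    buckets = {"JBossTools": [], "upstream": [], "suppressed": []}
    for file_name, cves in parse_report(xml_text):
        for cve, severity in cves:
            key = "suppressed" if (file_name, cve) in suppressed else classify(file_name)
            buckets[key].append((file_name, cve, severity))
    return buckets


if __name__ == "__main__":
    # The pmd-php.jar / php-binary mismatch from the ticket is modelled as a reviewed suppression.
    result = triage(SAMPLE_REPORT, suppressed={("pmd-php.jar", "CVE-0000-0002")})
    for bucket, rows in result.items():
        print(bucket)
        for row in rows:
            print("  ", *row)
```

Run it against the XML produced by `dependency-check.sh -f XML` for each update-site scan; the JBossTools bucket is what belongs in JBossTools sub-tasks, the upstream bucket is what needs a bump or an upstream ticket, and the suppressed bucket is the reviewed false-positive list that should be kept alongside the report rather than discarded.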