[JBoss JIRA] (JBDS-4237) Generate CVE vulnerability report for devstudio

Monday, 30 January 2017

     [
https://issues.jboss.org/browse/JBDS-4237?page=com.atlassian.jira.plugin....
]

Nick Boldt updated JBDS-4237:
-----------------------------
    Fix Version/s: 10.x
                       (was: 10.3.0.AM2)

...
 Generate CVE vulnerability report for devstudio
 -----------------------------------------------

                 Key: JBDS-4237
                 URL: https://issues.jboss.org/browse/JBDS-4237
             Project: Red Hat JBoss Developer Studio (devstudio)
          Issue Type: Bug
          Components: build, versionwatch
    Affects Versions: 10.3.0.AM1
            Reporter: Nick Boldt
            Assignee: Nick Boldt
             Fix For: 10.x

         Attachments: Screenshot_2017-01-10_18-58-03.png,
Screenshot_2017-01-10_19-04-45.png

 0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip
 1. download latest CI build update site zip, target platform zip, central zip, etc.
 2. unpack update site zips
 3. unpack dep-check zip
 4. generate CVE report for each fetched zip:
 {code}
 ./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project
devstudio_check -o WORKSPACE/path/to/report/folder/
 {code}
 Should use https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for
better reporting and maybe even enable this on every project job (once moved to CCI
Jenkins).  

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006