[jbosstools-issues] [JBoss JIRA] (JBDS-4237) Generate CVE vulnerability report for devstudio

Jeff MAURY (JIRA) issues at jboss.org
Wed Jan 11 04:48:01 EST 2017


    [ https://issues.jboss.org/browse/JBDS-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13345951#comment-13345951 ] 

Jeff MAURY commented on JBDS-4237:
----------------------------------

I think we should review them to distinguish:
* upstream
* JBossTools

We should create sub-task JIRAs, but I'm not sure if they appear in the backlog or not.
However, I don't understand some of them (e.g. the PMD Eclipse plugin has a report for an included pmd-php.jar, but the reported errors seem to be for the PHP binary, which I don't think is used).

> Generate CVE vulnerability report for devstudio
> -----------------------------------------------
>
>                 Key: JBDS-4237
>                 URL: https://issues.jboss.org/browse/JBDS-4237
>             Project: Red Hat JBoss Developer Studio (devstudio)
>          Issue Type: Bug
>          Components: build, versionwatch
>    Affects Versions: 10.3.0.AM1
>            Reporter: Nick Boldt
>            Assignee: Nick Boldt
>             Fix For: 10.3.0.AM2
>
>         Attachments: Screenshot_2017-01-10_18-58-03.png, Screenshot_2017-01-10_19-04-45.png
>
>
> 0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip
> 1. download latest CI build update site zip, target platform zip, central zip, etc.
> 2. unpack update site zips
> 3. unpack dep-check zip
> 4. generate CVE report for each fetched zip:
> {code}
> ./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project devstudio_check -o WORKSPACE/path/to/report/folder/
> {code}
> Should use https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for better reporting and maybe even enable this on every project job (once moved to CCI Jenkins). 



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
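
The upstream / JBossTools split suggested in the comment above, as an added example that is not part of the original thread or the project's own tooling: a Python sketch that sorts the findings of a dependency-check XML report by owner. The bundle prefixes, the element names (`dependency`, `fileName`, `vulnerability`, `name`) and the sample report with its placeholder CVE ids are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: bundle-name prefixes that mark JBoss Tools / devstudio code.
JBOSSTOOLS_PREFIXES = ("org.jboss.tools.", "com.jboss.devstudio.")

# Constructed sample; element names assumed to match the XML report layout.
SAMPLE_REPORT = """<analysis xmlns="urn:example:constructed"><dependencies>
  <dependency>
    <fileName>org.jboss.tools.example.core_1.0.0.jar</fileName>
    <vulnerabilities>
      <vulnerability><name>CVE-0000-0001</name></vulnerability>
    </vulnerabilities>
  </dependency>
  <dependency>
    <fileName>pmd-php.jar</fileName>
    <vulnerabilities>
      <vulnerability><name>CVE-0000-0003</name></vulnerability>
      <vulnerability><name>CVE-0000-0002</name></vulnerability>
    </vulnerabilities>
  </dependency>
  <dependency><fileName>clean-lib.jar</fileName></dependency>
</dependencies></analysis>"""

def local(tag):
    """Drop the XML namespace so parsing does not depend on the schema URI."""
    return tag.rsplit("}", 1)[-1]

def triage(report_xml):
    """Return {"jbosstools": {jar: [CVE ids]}, "upstream": {jar: [CVE ids]}}."""
    buckets = {"jbosstools": {}, "upstream": {}}
    for dep in ET.fromstring(report_xml).iter():
        if local(dep.tag) != "dependency":
            continue
        file_name, cves = None, set()
        for node in dep.iter():
            if local(node.tag) == "fileName" and file_name is None:
                file_name = (node.text or "").strip()
            elif local(node.tag) == "vulnerability":
                cves.update(c.text.strip() for c in node
                            if local(c.tag) == "name" and c.text)
        if file_name and cves:  # jars without findings are skipped
            mine = file_name.startswith(JBOSSTOOLS_PREFIXES)
            buckets["jbosstools" if mine else "upstream"][file_name] = sorted(cves)
    return buckets

if __name__ == "__main__":
    for owner, jars in triage(SAMPLE_REPORT).items():
        for jar, cves in sorted(jars.items()):
            print(f"{owner:10} {jar}: {', '.join(cves)}")
```

Findings in the upstream bucket, such as the constructed `pmd-php.jar` entry, are the ones to check for name-based mismatches before filing a sub-task.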

