added information on suppressing false positives to the site

Former-commit-id: 84c0f3175c7a749bc2d5fe05d7b4e4d23a518fab
Jeremy Long
2014-01-15 20:43:09 -05:00
parent ae58c1fa99
commit 3bd952e5c5
6 changed files with 44 additions and 9 deletions

View File

@@ -0,0 +1,28 @@
Suppressing False Positives
====================
Due to how dependency-check identifies libraries false positives may occur (a CPE was identified that is incorrect). Suppressing these false positives is fairly easy using the HTML report. In the report next to each CPE identified (and on CVE entries) there is a suppress button. Clicking the suppression button will create a dialogue box which you can simple hit Control-C to copy the XML that you would place into a suppression XML file. If this is the first time you are creating the suppression file you should click the "Complete XML Doc" button on the top of the dialogue box to add the necessary schema elements.
A sample suppression file would look like:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
<suppress>
<notes><![CDATA[
file name: some.jar
]]></notes>
<sha1>66734244CE86857018B023A8C56AE0635C56B6A1</sha1>
<cpe>cpe:/a:apache:struts:2.0.0</cpe>
</suppress>
</suppressions>
```
The above XML file will suppress the cpe:/a:apache:struts:2.0.0 from any file with the a matching SHA1 hash.
The full schema for suppression files can be found here: [suppression.xsd](https://github.com/jeremylong/DependencyCheck/blob/master/dependency-check-core/src/main/resources/schema/suppression.xsd "Suppression Schema")
Please see the appropriate configuration option in each interfaces configuration guide:
- [Command Line Tool](dependency-check-cli/arguments.html)
- [Maven Plugin](dependency-check-maven/configuration.html)
- [Ant Task](dependency-check-ant/configuration.html)
- [Jenkins Plugin](dependency-check-jenkins/index.html)
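Review bot: the explanatory paragraph in this hunk has wording defects that should be fixed before the page is published: "which you can simple hit Control-C" should read "simply", "from any file with the a matching SHA1 hash" has a stray "the", and "each interfaces configuration guide" needs the possessive "interface's". More substantively, the text says suppress buttons also appear on CVE entries, but the only sample shows the `<cpe>` form; adding a second sample for the CVE case, or pointing readers to the corresponding element in suppression.xsd, would keep users from guessing the element name. It is also worth stating the consequence of keying a suppression on `<sha1>`: it applies to that exact artifact only, so when the jar is upgraded the hash changes, the suppression silently stops matching and the finding reappears. That is the safe direction, but it surprises users who expect a permanent exclusion, so the doc should say so.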

View File

@@ -57,6 +57,11 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
</breadcrumbs>
<menu ref="reports" />
<menu name="General">
<item name="False Positives" href="./suppression.html">
<description>Suppressing False Positives</description>
</item>
</menu>
<menu name="Modules">
<item name="dependency-check-core" href="./dependency-check-core/index.html">
<description>The core dependency-check library</description>
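Review bot: `href="./suppression.html"` on the new `<item>` assumes the page added in the first hunk is saved as `suppression.md` in the site source tree so the site build renders it at that path; the file name for that hunk is not visible in this view, so confirm it matches before merging.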