updated schema and xml report to include the confidence and type of evidence

Former-commit-id: 774764585a15d8d78a615f20f91c3a8aaaf4abb2
2026-01-14 15:53:36 +01:00 · 2015-07-14 08:01:22 -04:00
parent dffb2887d6
commit a24813b678
2 changed files with 20 additions and 4 deletions
--- a/dependency-check-core/src/main/resources/schema/dependency-check.1.3.xsd
+++ b/dependency-check-core/src/main/resources/schema/dependency-check.1.3.xsd
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<xs:schema id="analysis" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="https://www.owasp.org/index.php/OWASP_Dependency_Check#1.2">
+<xs:schema id="analysis" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="https://jeremylong.github.io/DependencyCheck/dependency-check.1.3.xml">
    <xs:element name="analysis">
        <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
@@ -111,6 +111,8 @@
                                                                <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
                                                                <xs:element name="value" type="xs:string" minOccurs="1" maxOccurs="1" />
                                                            </xs:sequence>
+                                                            <xs:attribute name="type" type="xs:string" use="required" />
+                                                            <xs:attribute name="confidence" type="xs:string" use="required" />
                                                        </xs:complexType>
                                                    </xs:element>
                                                </xs:sequence>
--- a/dependency-check-core/src/main/resources/templates/XmlReport.vsl
+++ b/dependency-check-core/src/main/resources/templates/XmlReport.vsl
@@ -18,7 +18,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
@author Jeremy Long <jeremy.long@owasp.org>
@version 1.1
 *#<?xml version="1.0"?>
-<analysis xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check#1.2">
+<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.1.3.xml">
    <scanInfo>
        <engineVersion>$version</engineVersion>
 #foreach($prop in $properties.getMetaData().entrySet())
@@ -68,8 +68,22 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
            </relatedDependencies>
 #end
            <evidenceCollected>
-#foreach($evidence in $dependency.getEvidenceForDisplay())
-                <evidence>
+#foreach($evidence in $dependency.getVendorEvidence())
+                <evidence type="vendor" confidence="$enc.xml($evidence.getConfidence().toString())">
+                    <source>$enc.xml($evidence.getSource())</source>
+                    <name>$enc.xml($evidence.getName())</name>
+                    <value>$enc.xml($evidence.getValue().trim())</value>
+                </evidence>
+#end
+#foreach($evidence in $dependency.getProductEvidence())
+                <evidence type="product" confidence="$enc.xml($evidence.getConfidence().toString())">
+                    <source>$enc.xml($evidence.getSource())</source>
+                    <name>$enc.xml($evidence.getName())</name>
+                    <value>$enc.xml($evidence.getValue().trim())</value>
+                </evidence>
+#end
+#foreach($evidence in $dependency.getVersionEvidence())
+                <evidence type="version" confidence="$enc.xml($evidence.getConfidence().toString())">
                    <source>$enc.xml($evidence.getSource())</source>
                    <name>$enc.xml($evidence.getName())</name>
                    <value>$enc.xml($evidence.getValue().trim())</value>