github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-16 16:46:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

improvements to the vulnerability report per issue #599

Browse Source
This commit is contained in:
Jeremy Long
2016-10-22 07:11:36 -04:00
parent 40f0e907e1
commit b7b97960a6
2 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
dependency-check-core/src/main/resources/templates/VulnerabilityReport.vsl
View File

@@ -177,6 +177,11 @@ the reporting provided constitutes acceptance for use in an AS IS condition, and
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the users risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.</p>
<h3>About The Vulnerability Report | Getting Help: <a href="https://groups.google.com/forum/#!forum/dependency-check" target="_blank">google group</a> |
<a href="https://github.com/jeremylong/DependencyCheck/issues" target="_blank">github issues</a></h3>
<p>This report is intended to be a quick summary of findings. It is highly recommended that you use the full HTML
report to determine if any <a href="http://jeremylong.github.io/DependencyCheck/general/suppression.html">false positives</a>
have been reported. Additionally, the HTML report provides many features not found in the vulnerability report.</p>
]]#
<h2 class="sectionheader white">Vulnerability&nbsp;Report&nbsp;for&nbsp;$enc.html($applicationName)</h2>
<div class="sectioncontent">Report Generated On: $scanDate<br/><br/>
@@ -222,10 +227,10 @@ arising out of or in connection with the use of this tool, the analysis performe
($vuln.cvssScore)
<td>#set($cnt=$cnt+1)
#if($dependency.getRelatedDependencies().size()>0)<span id="header$cnt" class="expandable collapsedList">#end
$enc.html($dependency.DisplayFileName)
<span title="$enc.html($dependency.FilePath)">$enc.html($dependency.DisplayFileName)</span>
#if($dependency.getRelatedDependencies().size()>0)&nbsp;&nbsp;&nbsp;</span><div id="content$cnt" class="hidden">#end
#foreach($related in $dependency.getRelatedDependencies())
$enc.html($related.DisplayFileName)<br/>
<span title="$enc.html($related.FilePath)">$enc.html($related.DisplayFileName)</span><br/>
#end
#if($dependency.getRelatedDependencies().size()>0)</div#end
</td>

2
src/site/markdown/general/suppression.md
View File

@@ -1,6 +1,6 @@
Suppressing False Positives
====================
Due to how dependency-check identifies libraries false positives may occur (a CPE was identified that is incorrect). Suppressing these false positives is fairly easy using the HTML report. In the report next to each CPE identified (and on CVE entries) there is a suppress button. Clicking the suppression button will create a dialogue box which you can simple hit Control-C to copy the XML that you would place into a suppression XML file. If this is the first time you are creating the suppression file you should click the "Complete XML Doc" button on the top of the dialogue box to add the necessary schema elements.
Due to [how dependency-check identifies libraries](internals.html) false positives may occur (i.e. a CPE was identified that is incorrect). Suppressing these false positives is fairly easy using the HTML report. In the report next to each CPE identified (and on CVE entries) there is a suppress button. Clicking the suppression button will create a dialogue box which you can simple hit Control-C to copy the XML that you would place into a suppression XML file. If this is the first time you are creating the suppression file you should click the "Complete XML Doc" button on the top of the dialogue box to add the necessary schema elements.
A sample suppression file would look like: