From b7b97960a60d918de4bbe4fc312ba058c48f5303 Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Sat, 22 Oct 2016 07:11:36 -0400
Subject: [PATCH] improvements to the vulnerability report per issue #599

---
 .../src/main/resources/templates/VulnerabilityReport.vsl | 9 +++++++--
 src/site/markdown/general/suppression.md                 | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/dependency-check-core/src/main/resources/templates/VulnerabilityReport.vsl b/dependency-check-core/src/main/resources/templates/VulnerabilityReport.vsl
index 4b0036c14..f0ee4806f 100644
--- a/dependency-check-core/src/main/resources/templates/VulnerabilityReport.vsl
+++ b/dependency-check-core/src/main/resources/templates/VulnerabilityReport.vsl
@@ -177,6 +177,11 @@ the reporting provided constitutes acceptance for use in an AS IS condition, and
 implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
 is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
 arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.</p>
+<h3>About The Vulnerability Report | Getting Help: <a href="https://groups.google.com/forum/#!forum/dependency-check" target="_blank">google group</a> | 
+<a href="https://github.com/jeremylong/DependencyCheck/issues" target="_blank">github issues</a></h3>
+<p>This report is intended to be a quick summary of findings. It is highly recommended that you use the full HTML
+report to determine if any <a href="http://jeremylong.github.io/DependencyCheck/general/suppression.html">false positives</a>
+have been reported. Additionally, the HTML report provides many features not found in the vulnerability report.</p>
 ]]#
             <h2 class="sectionheader white">Vulnerability&nbsp;Report&nbsp;for&nbsp;$enc.html($applicationName)</h2>
             <div class="sectioncontent">Report Generated On: $scanDate<br/><br/>
@@ -222,10 +227,10 @@ arising out of or in connection with the use of this tool, the analysis performe
                                 ($vuln.cvssScore)
                                 <td>#set($cnt=$cnt+1)
                                     #if($dependency.getRelatedDependencies().size()>0)<span id="header$cnt" class="expandable collapsedList">#end
-                                    $enc.html($dependency.DisplayFileName)
+                                    <span title="$enc.html($dependency.FilePath)">$enc.html($dependency.DisplayFileName)</span>
                                     #if($dependency.getRelatedDependencies().size()>0)&nbsp;&nbsp;&nbsp;</span><div id="content$cnt" class="hidden">#end
                                     #foreach($related in $dependency.getRelatedDependencies())
-                                    $enc.html($related.DisplayFileName)<br/>
+                                    <span title="$enc.html($related.FilePath)">$enc.html($related.DisplayFileName)</span><br/>
                                     #end
                                     #if($dependency.getRelatedDependencies().size()>0)</div#end
                                 </td>
diff --git a/src/site/markdown/general/suppression.md b/src/site/markdown/general/suppression.md
index ed4c5bf08..af3dfb57d 100644
--- a/src/site/markdown/general/suppression.md
+++ b/src/site/markdown/general/suppression.md
@@ -1,6 +1,6 @@
 Suppressing False Positives
 ====================
-Due to how dependency-check identifies libraries false positives may occur (a CPE was identified that is incorrect). Suppressing these false positives is fairly easy using the HTML report. In the report next to each CPE identified (and on CVE entries) there is a suppress button. Clicking the suppression button will create a dialogue box which you can simple hit Control-C to copy the XML that you would place into a suppression XML file. If this is the first time you are creating the suppression file you should click the "Complete XML Doc" button on the top of the dialogue box to add the necessary schema elements.
+Due to [how dependency-check identifies libraries](internals.html) false positives may occur (i.e. a CPE was identified that is incorrect). Suppressing these false positives is fairly easy using the HTML report. In the report next to each CPE identified (and on CVE entries) there is a suppress button. Clicking the suppression button will create a dialogue box which you can simple hit Control-C to copy the XML that you would place into a suppression XML file. If this is the first time you are creating the suppression file you should click the "Complete XML Doc" button on the top of the dialogue box to add the necessary schema elements.
 
 A sample suppression file would look like: