Merge pull request #734 from jeremylong/updateJsonReport

Update json report
Jeremy Long
2017-05-20 06:06:39 -04:00
committed by GitHub
3 changed files with 169 additions and 185 deletions


@@ -1,198 +1,182 @@
{ {
"reportSchema": "1.0", "reportSchema": "1.0",
"analysis": { "scanInfo": {
"scanInfo": { "engineVersion": "$version",
"engineVersion": "$version", "dataSource": [
"dataSource": [ #foreach($prop in $properties.getMetaData().entrySet())
#foreach($prop in $properties.getMetaData().entrySet()) #if($foreach.count > 1),#end{
#if($foreach.count > 1),#end{ "name": "$enc.json($prop.key)",
"name": "$enc.json($prop.key)", "timestamp": "$enc.json($prop.value)"
"timestamp": "$enc.json($prop.value)" }
} #end
#end ]
] },
}, "projectInfo": {
"projectInfo": { "name": "$enc.json($applicationName)",
"name": "$enc.json($applicationName)", #if($groupID)"groupID":"$enc.json($groupID)",#end
#if($groupID)"groupID":"$enc.json($groupID)",#end #if($artifactID)"artifactID":"$enc.json($artifactID)",#end
#if($artifactID)"artifactID":"$enc.json($artifactID)",#end #if($version)"version":"$enc.json($version)",#end
#if($version)"version":"$enc.json($version)",#end "reportDate": "$scanDateXML",
"reportDate": "$scanDateXML", "credits": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov"
"credits": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov" },
}, "dependencies": [
"dependencies": [ #foreach($dependency in $dependencies)#if($foreach.count > 1),#end{
#foreach($dependency in $dependencies)#if($foreach.count > 1),#end{ "fileName": "$enc.json($dependency.DisplayFileName)",
"fileName": "$enc.json($dependency.DisplayFileName)", "filePath": "$enc.json($dependency.FilePath)",
"filePath": "$enc.json($dependency.FilePath)", "md5": "$enc.json($dependency.Md5sum)",
"md5": "$enc.json($dependency.Md5sum)", "sha1": "$enc.json($dependency.Sha1sum)"
"sha1": "$enc.json($dependency.Sha1sum)" #if($dependency.description),"description": "$enc.json($dependency.description)"#end
#if($dependency.description),"description": "$enc.json($dependency.description)"#end #if($dependency.license),"license": "$enc.json($dependency.license)"#end
#if($dependency.license),"license": "$enc.json($dependency.license)"#end #if ($dependency.getRelatedDependencies().size()>0)
#if ($dependency.getRelatedDependencies().size()>0) ,"relatedDependencies": [
,"relatedDependencies": [ #foreach($related in $dependency.getRelatedDependencies()) #if($foreach.count > 1),#end {
#foreach($related in $dependency.getRelatedDependencies()) #if($foreach.count > 1),#end { "filePath": "$enc.json($related.FilePath)",
"filePath": "$enc.json($related.FilePath)", "sha1": "$enc.json($related.Sha1sum)",
"sha1": "$enc.json($related.Sha1sum)", "md5": "$enc.json($related.Md5sum)"#if($related.getIdentifiers()),#end
"md5": "$enc.json($related.Md5sum)"#if($related.getIdentifiers()),#end "identifiers": [
"identifiers": [ #foreach($id in $related.getIdentifiers())
#foreach($id in $related.getIdentifiers()) #if ($id.type=="maven")
#if ($id.type=="maven") {
{
"type": "$enc.json($id.type)",
"name": "$id.value"
#if( $id.url ),"url": "$enc.json($id.url)"#end
#if ($id.notes),"notes": "$enc.json($id.notes)"#end
}
#end
#end
]
}
#end
]
#end
,"evidenceCollected": {
"vendorEvidence": [
#foreach($evidence in $dependency.getVendorEvidence())
#if($foreach.count > 1),#end{
"type": "vendor",
"confidence": "$enc.json($evidence.getConfidence().toString())",
"source": "$enc.json($evidence.getSource())",
"name": "$enc.json($evidence.getName())",
"value": "$enc.json($evidence.getValue().trim())"
}
#end
],
"productEvidence": [
#foreach($evidence in $dependency.getProductEvidence())
#if($foreach.count > 1),#end{
"type": "product",
"confidence": "$enc.json($evidence.getConfidence().toString())",
"source": "$enc.json($evidence.getSource())",
"name": "$enc.json($evidence.getName())",
"value": "$enc.json($evidence.getValue().trim())"
}
#end
],
"versionEvidence": [
#foreach($evidence in $dependency.getVersionEvidence())
#if($foreach.count > 1),#end{
"type": "version",
"confidence": "$enc.json($evidence.getConfidence().toString())",
"source": "$enc.json($evidence.getSource())",
"name": "$enc.json($evidence.getName())",
"value": "$enc.json($evidence.getValue().trim())"
}
#end
]
},
"identifiers": [
#foreach($id in $dependency.getIdentifiers())#if($foreach.count > 1),#end{
"name": "$id.value",
"type": "$enc.json($id.type)",
#if($id.confidence)"confidence": "$id.confidence",#end
#if($id.url)"url": "$enc.json($id.url)",#end
#if($id.description )"description": "$enc.json($id.description)",#end
#if ($id.notes)"notes": "$enc.json($id.notes)",#end
"suppressedIdentifiers": [
#foreach($id in $dependency.getSuppressedIdentifiers())
#if($foreach.count > 1),#end{
"type": "$enc.json($id.type)", "type": "$enc.json($id.type)",
#if($id.confidence)"confidence": "$id.confidence",#end "name": "$id.value"
"name": "$id.value", #if( $id.url ),"url": "$enc.json($id.url)"#end
#if($id.url)"url": "$enc.json($id.url),"#end #if ($id.notes),"notes": "$enc.json($id.notes)"#end
#if($id.description)"description": "$enc.json($id.description)",#end }
#if ($id.notes)"notes": "$enc.json($id.notes)"#end
}
#end #end
] #end
]
}
#end
]
#end
,"evidenceCollected": {
"vendorEvidence": [
#foreach($evidence in $dependency.getVendorEvidence())
#if($foreach.count > 1),#end{
"type": "vendor",
"confidence": "$enc.json($evidence.getConfidence().toString())",
"source": "$enc.json($evidence.getSource())",
"name": "$enc.json($evidence.getName())",
"value": "$enc.json($evidence.getValue().trim())"
}
#end
],
"productEvidence": [
#foreach($evidence in $dependency.getProductEvidence())
#if($foreach.count > 1),#end{
"type": "product",
"confidence": "$enc.json($evidence.getConfidence().toString())",
"source": "$enc.json($evidence.getSource())",
"name": "$enc.json($evidence.getName())",
"value": "$enc.json($evidence.getValue().trim())"
}
#end
],
"versionEvidence": [
#foreach($evidence in $dependency.getVersionEvidence())
#if($foreach.count > 1),#end{
"type": "version",
"confidence": "$enc.json($evidence.getConfidence().toString())",
"source": "$enc.json($evidence.getSource())",
"name": "$enc.json($evidence.getName())",
"value": "$enc.json($evidence.getValue().trim())"
} }
#end #end
] ]
#if($dependency.getVulnerabilities().size()>0 || $dependency.getSuppressedVulnerabilities().size()>0) },
,"vulnerabilities": [ "identifiers": [
#foreach($vuln in $dependency.getVulnerabilities()) #foreach($id in $dependency.getIdentifiers())#if($foreach.count > 1),#end{
#if($foreach.count > 1),#end { "name": "$id.value",
"name": "$enc.json($vuln.name)", "type": "$enc.json($id.type)",
"cvssScore": "$vuln.cvssScore", #if($id.confidence)"confidence": "$id.confidence",#end
"cvssAccessVector": "$enc.json($vuln.cvssAccessVector)", #if($id.url)"url": "$enc.json($id.url)",#end
"cvssAccessComplexity": "$enc.json($vuln.cvssAccessComplexity)", #if($id.description )"description": "$enc.json($id.description)",#end
"cvssAuthenticationr": "$enc.json($vuln.cvssAuthentication)", #if ($id.notes)"notes": "$enc.json($id.notes)",#end
"cvssConfidentialImpact": "$enc.json($vuln.cvssConfidentialityImpact)", "suppressedIdentifiers": [
"cvssIntegrityImpact": "$enc.json($vuln.cvssIntegrityImpact)", #foreach($id in $dependency.getSuppressedIdentifiers())
"cvssAvailabilityImpact": "$enc.json($vuln.cvssAvailabilityImpact)", #if($foreach.count > 1),#end{
#if ($vuln.cvssScore<4.0) "type": "$enc.json($id.type)",
"severity": "Low", #if($id.confidence)"confidence": "$id.confidence",#end
#elseif ($vuln.cvssScore>=7.0) "name": "$id.value",
"severity": "High", #if($id.url)"url": "$enc.json($id.url),"#end
#else #if($id.description)"description": "$enc.json($id.description)",#end
"severity": "Medium", #if ($id.notes)"notes": "$enc.json($id.notes)"#end
#end
#if($vuln.cwe)"cwe": "$enc.json($vuln.cwe)",#end
"description": "$enc.json($vuln.description)",
#if ($vuln.notes)"notes": "$enc.json($vuln.notes)"#end
"references": [
#foreach($ref in $vuln.getReferences())
#if($foreach.count > 1),#end {
"source": "$enc.json($ref.source)",
"url": "$enc.json($ref.url)",
"name": "$enc.json($ref.name)"
}
#end
],
"vulnerableSoftware": [
#foreach($vs in $vuln.getVulnerableSoftware())
#if($foreach.count > 1),#end {
#if($vs.hasPreviousVersion()) "allPreviousVersion": "true",#end
"software": "$enc.json($vs.name)"
} }
#end #end
] ]
}#end }
]
#end #end
]
#if($dependency.getSuppressedVulnerabilities().size()>0 || $dependency.getSuppressedVulnerabilities().size()>0) #if($dependency.getVulnerabilities().size()>0 || $dependency.getSuppressedVulnerabilities().size()>0)
,"suppressedVulnerabilities": [ ,"vulnerabilities": [
#foreach($vuln in $dependency.getSuppressedVulnerabilities())#if($foreach.count > 1),#end { #foreach($vuln in $dependency.getVulnerabilities())#if($foreach.count > 1),#end {
"name": "$enc.json($vuln.name)", "name": "$enc.json($vuln.name)",
"cvssScore": "$vuln.cvssScore", "cvssScore": "$vuln.cvssScore",
"cvssAccessVector": "$enc.json($vuln.cvssAccessVector)", "cvssAccessVector": "$enc.json($vuln.cvssAccessVector)",
"cvssAccessComplexity": "$enc.json($vuln.cvssAccessComplexity)", "cvssAccessComplexity": "$enc.json($vuln.cvssAccessComplexity)",
"cvssAuthenticationr": "$enc.json($vuln.cvssAuthentication)", "cvssAuthenticationr": "$enc.json($vuln.cvssAuthentication)",
"cvssConfidentialImpact": "$enc.json($vuln.cvssConfidentialityImpact)", "cvssConfidentialImpact": "$enc.json($vuln.cvssConfidentialityImpact)",
"cvssIntegrityImpact": "$enc.json($vuln.cvssIntegrityImpact)", "cvssIntegrityImpact": "$enc.json($vuln.cvssIntegrityImpact)",
"cvssAvailabilityImpact": "$enc.json($vuln.cvssAvailabilityImpact)", "cvssAvailabilityImpact": "$enc.json($vuln.cvssAvailabilityImpact)",
#if ($vuln.cvssScore<4.0) "severity": "Low", #if ($vuln.cvssScore<4.0)"severity": "Low",
#elseif ($vuln.cvssScore>=7.0) "severity": "High", #elseif ($vuln.cvssScore>=7.0)"severity": "High",
#else "severity": "Medium", #else "severity": "Medium",#end
#end "cwe": "#if ($vuln.cwe)$enc.json($vuln.cwe)#end",
#if ($vuln.cwe)"cwe": "$enc.json($vuln.cwe)",#end "description": "$enc.json($vuln.description)",
"description": "$enc.json($vuln.description)" "notes": "#if ($vuln.notes)$enc.json($vuln.notes)#end",
#if ($vuln.notes),"notes": "$enc.json($vuln.notes)"#end "references": [
,"references": [ #foreach($ref in $vuln.getReferences())
#foreach($ref in $vuln.getReferences()) #if($foreach.count > 1),#end {
#if($foreach.count > 1),#end {
"source": "$enc.json($ref.source)", "source": "$enc.json($ref.source)",
"url": "$enc.json($ref.url)", "url": "$enc.json($ref.url)",
"name": "$enc.json($ref.name)" "name": "$enc.json($ref.name)"
} }#end
#end ],
], "vulnerableSoftware": [
"vulnerableSoftware": [ #foreach($vs in $vuln.getVulnerableSoftware())
#foreach($vs in $vuln.getVulnerableSoftware()) #if($foreach.count > 1),#end {
#if($foreach.count > 1),#end { "software": "$enc.json($vs.name)"
#if($vs.hasPreviousVersion()) "allPreviousVersion": "true",#end #if($vs.hasPreviousVersion()) ,"allPreviousVersion": "true"#end
"name": "$enc.json($vs.name)" }#end
}
#end
]
}
#end
] ]
#end }#end
]#end
} #if($dependency.getSuppressedVulnerabilities().size()>0 || $dependency.getSuppressedVulnerabilities().size()>0)
#end ,"suppressedVulnerabilities": [
] #foreach($vuln in $dependency.getSuppressedVulnerabilities())#if($foreach.count > 1),#end {
} "name": "$enc.json($vuln.name)",
"cvssScore": "$vuln.cvssScore",
"cvssAccessVector": "$enc.json($vuln.cvssAccessVector)",
"cvssAccessComplexity": "$enc.json($vuln.cvssAccessComplexity)",
"cvssAuthenticationr": "$enc.json($vuln.cvssAuthentication)",
"cvssConfidentialImpact": "$enc.json($vuln.cvssConfidentialityImpact)",
"cvssIntegrityImpact": "$enc.json($vuln.cvssIntegrityImpact)",
"cvssAvailabilityImpact": "$enc.json($vuln.cvssAvailabilityImpact)",
#if ($vuln.cvssScore<4.0) "severity": "Low",
#elseif ($vuln.cvssScore>=7.0) "severity": "High",
#else "severity": "Medium",
#end
"cwe": "#if ($vuln.cwe)$enc.json($vuln.cwe)#end",
"description": "$enc.json($vuln.description)",
"notes": "#if ($vuln.notes)$enc.json($vuln.notes)#end",
"references": [
#foreach($ref in $vuln.getReferences())
#if($foreach.count > 1),#end {
"source": "$enc.json($ref.source)",
"url": "$enc.json($ref.url)",
"name": "$enc.json($ref.name)"
}#end
],
"vulnerableSoftware": [
#foreach($vs in $vuln.getVulnerableSoftware())
#if($foreach.count > 1),#end {
"name": "$enc.json($vs.name)"
#if($vs.hasPreviousVersion()) ,"allPreviousVersion": "true"#end
}#end
]
}#end
]#end
}#end
]
} }
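Review bot: Identifier values are still written raw as `"name": "$id.value"` in all three identifier loops (related, regular and suppressed), while every neighbouring field goes through `$enc.json(...)`. A value containing a quote or backslash would break the report or change its structure, so these should read `"name": "$enc.json($id.value)"`. Identifier values presumably come from metadata of the scanned artifacts, which is why they should be treated as untrusted. In the suppressed-identifier block the url line also keeps its comma inside the string, `"$enc.json($id.url),"`, and should read `#if($id.url)"url": "$enc.json($id.url)",#end`. That block's optional fields also leave a trailing comma before `}` when `notes` is absent.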


@@ -25,6 +25,6 @@ def slurper = new JsonSlurper()
def json = slurper.parse(new File(basedir, "target/dependency-check-report.json"), "UTF-8") def json = slurper.parse(new File(basedir, "target/dependency-check-report.json"), "UTF-8")
assert json instanceof Map assert json instanceof Map
assert json.analysis.dependencies instanceof List assert json.dependencies instanceof List
assert json.analysis.dependencies.size()==1 assert json.dependencies.size()==1
return true; return true;
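Review bot: These assertions follow `dependencies` to the top level, but the template in this commit still emits `"reportSchema": "1.0"`, so a consumer written against the old layout cannot tell the two formats apart. It would find `json.analysis` missing rather than fail on a version check. Consider bumping the schema value in the template and pinning the layout here, e.g. `assert !json.containsKey("analysis")` plus an assertion on `json.reportSchema`. The second script below has the same assertions and the same gap. For tooling that gates a build on this report, a silently empty dependency list reads as a clean scan.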


@@ -25,6 +25,6 @@ def slurper = new JsonSlurper()
def json = slurper.parse(new File(basedir, "target/dependency-check-report.json"), "UTF-8") def json = slurper.parse(new File(basedir, "target/dependency-check-report.json"), "UTF-8")
assert json instanceof Map assert json instanceof Map
assert json.analysis.dependencies instanceof List assert json.dependencies instanceof List
assert json.analysis.dependencies.size()==0 assert json.dependencies.size()==0
return true; return true;