github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,943 Commits 7 Branches 56 Tags
1ecde9bbc1ec68bb93272d507a85c3386dc3409a
Commit Graph

3943 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anthony Whitford
1ecde9bbc1 maven-jar-plugin 3.0.0 released; maven-resources-plugin 3.0.0 released. 2016-05-28 08:27:39 -07:00
Jeremy Long
c0384bb0ee Merge pull request #502 from xthk/master 
Update initialize_mysql.sql
 2016-05-25 06:12:52 -04:00
Tilmann H
2906b315b3 Update initialize_mysql.sql 
lower cased "properties" in UPDATE statement
 2016-05-25 11:36:09 +02:00
Jeremy Long
425fd65bd8 added more false positive suppressions 2016-05-21 07:09:08 -04:00
Jeremy Long
7d83362a85 removed stack trace from build when ruby and bundle-audit are not installed 2016-05-15 07:49:17 -04:00
Jeremy Long
0b26894112 checkstyle/pmd/findbugs correction(s) 2016-05-15 07:48:26 -04:00
Jeremy Long
17f810a720 implement issue #498 2016-05-15 07:30:38 -04:00
Jeremy Long
71ef8061f9 merge conflict resolved 2016-05-15 07:29:17 -04:00
Jeremy Long
353b17690f checkstyle/pmd/findbugs correction(s) 2016-05-15 07:22:52 -04:00
Jeremy Long
6790727260 ensured resources are properly closed 2016-05-15 07:02:18 -04:00
Jeremy Long
e129f7db85 Merge branch 'biancajiang-ruby_dependency' 2016-05-15 06:46:18 -04:00
Jeremy Long
ea942398e3 updated test case to use the correct parent class that allows for use of the database during testing 2016-05-15 06:45:57 -04:00
Jeremy Long
5ad72cae3f Merge branch 'ruby_dependency' of git://github.com/biancajiang/DependencyCheck into biancajiang-ruby_dependency 2016-05-14 09:45:26 -04:00
Jeremy Long
5f945bc696 Merge branch 'master' of github.com:jeremylong/DependencyCheck 2016-05-14 07:21:07 -04:00
Jeremy Long
6f451736ba Add ability to flag analyzers as experimental so that they are not always enabled 2016-05-14 07:20:53 -04:00
Jeremy Long
30856f4a4f corrected doxia version 2016-05-14 07:19:12 -04:00
bjiang
9d1408be20 do not use actual path for packagePath from compress case 2016-05-13 13:33:34 -04:00
Jeremy Long
f21f371751 Merge pull request #494 from erikerikson/master 
Align documentation with current project name specification flag
 2016-05-06 18:23:32 -04:00
bjiang
d5e8f54214 fix RubyBundlerAnalyzer.accept 2016-05-06 17:55:21 -04:00
bjiang
83f83d4eee add RubyBundlerAnalyzerTest 2016-05-06 17:45:40 -04:00
bjiang
b0f4ab9ba5 cleanup & Rakefile support placeholder 2016-05-06 17:25:08 -04:00
bjiang
06dad8f79c javadoc 2016-05-06 17:22:39 -04:00
bjiang
83ab122ddf disable RubyBundlerAnalyzer if RubyBundleAuditAnalyzer 2016-05-06 16:42:39 -04:00
bjiang
8a42fe4ae1 javadoc 2016-05-06 16:19:59 -04:00
bjiang
94c6778b89 better javadoc 2016-05-06 16:14:16 -04:00
bjiang
c0e5973517 rename RubyBundlerAnalyzer and javadoc 2016-05-06 15:50:35 -04:00
bjiang
4de3fb1f2a javadoc 2016-05-06 10:25:49 -04:00
Erik Erikson
ee77fccffd Align documentation with current project name specification flag 
When using the "--app" flag, the following warning is produced:

 [WARN] The 'app' argument should no longer be used; use 'project' instead.

 This change updates the documentation from suggesting "--app" to "--project"
 2016-05-03 10:31:00 -07:00
bjiang
189da08885 merge upstream 2016-05-03 13:05:56 -04:00
Jeremy Long
9e63ac6d5b Merge pull request #493 from awhitford/CommIO25 
Commons-IO 2.5 upgrade
 2016-05-02 19:26:52 -04:00
Jeremy Long
4d7ab8b187 Merge pull request #491 from mwieczorek/MSSQL_Support 
MSSQL Support
 2016-05-02 19:25:39 -04:00
Jeremy Long
4de9818bee original CVE used in test does not exist in the current default DB used for tests. 2016-05-01 20:16:30 -04:00
Jeremy Long
7a2e1fd221 updated bundle audit score to be more accurate 2016-05-01 15:39:12 -04:00
Jeremy Long
d0ca800a23 Merge branch 'geramirez-fix-cvss-for-bundle-audit' 2016-04-30 11:20:39 -04:00
Jeremy Long
35ffd56ea9 fixed compile issues in PR 2016-04-30 11:20:26 -04:00
Jeremy Long
84b992d3a1 Merge branch 'fix-cvss-for-bundle-audit' of git://github.com/geramirez/DependencyCheck into geramirez-fix-cvss-for-bundle-audit 2016-04-30 11:02:16 -04:00
Jeremy Long
9e46364759 updated test cases to track down build issue 2016-04-30 10:56:50 -04:00
Dave Goddard
0f37c2b59c Adding sinatra fixture 
Signed-off-by: Gabriel Ramirez <gabriel.e.ramirez@gmail.com>
 2016-04-29 16:17:51 -04:00
Michal Wieczorek
33852ea7e3 MSSQL Support 2016-04-27 23:35:05 +02:00
Anthony Whitford
4fbed1cdac Added Charset to avoid deprecated FileUtils methods. 2016-04-27 01:37:00 -07:00
Anthony Whitford
42c61ab457 commons-io 2.5 released; jsoup 1.9.1 released. 2016-04-27 01:22:20 -07:00
David Jahn
8c6b9f9c68 Fixed CVSS for Ruby. 
this bug was discovered when scanning ruby applications and getting back
`-1` cvss. this turns out to be a problem with bundle-audit cve
database.

Our solution was to use the NVD database, which dependency check uses to
get the CVSS scores for Ruby only if the Criticality is missing from
bundle-audit output. Keep in mind there are compilation errors with the
commit atm.

Fixes #485

Signed-off-by: Gabriel Ramirez <gabriel.e.ramirez@gmail.com>
 2016-04-25 09:40:54 -04:00
Jeremy Long
abebecac4a updated parser and tests to revert to old suppression schema if new schema fails 2016-04-24 09:06:00 -04:00
Jeremy Long
87efe429da fixed broken schema 2016-04-24 09:05:26 -04:00
Jeremy Long
35128b0bd4 updated 2016-04-24 09:04:22 -04:00
Jeremy Long
186cb2270f ensure updated schema is published to the site 2016-04-24 07:25:32 -04:00
Jeremy Long
deda02f879 updated suppression schema to require a CPE, CVE, or CVSS Below per issue #488 2016-04-24 07:20:11 -04:00
Jeremy Long
bcc2478ef7 snapshot version 2016-04-24 07:17:42 -04:00
Jeremy Long
8d54654482 Merge pull request #487 from awhitford/DepUpg160416 
Upgraded plugins and dependencies
 2016-04-17 21:02:54 -04:00
Jeremy Long
08318107c1 Merge pull request #486 from awhitford/MavenWarnings 
Maven warnings
 2016-04-17 21:02:35 -04:00