github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 16:23:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,376 Commits 7 Branches 56 Tags
2ea0eb3c640c866f771f655de0097449f7935abf
Commit Graph

1762 Commits

Author SHA1 Message Date
Jeremy Long
2ea0eb3c64 correct fix for issue #660; correctly handle organization from the pom 2017-02-21 06:40:02 -05:00
Jeremy Long
a5990ea6f3 update to #657 to allow sorted vulnerable software in repots; also, sorting an array list is faster then building a treeset 2017-02-21 06:38:31 -05:00
Jeremy Long
d31e0453bd fix for #660 2017-02-20 07:01:05 -05:00
stevespringett
ae21424a30 Closes #664 2017-02-18 21:23:19 -06:00
Jeremy Long
3577949425 codacy recommended updates 2017-02-17 19:03:53 -05:00
Jeremy Long
0d72471502 fixed synchronization per coverity 2017-02-17 18:00:40 -05:00
Jeremy Long
d9dcc8cc2d fixed UTF-8 BOM bug 2017-02-17 17:18:10 -05:00
Jeremy Long
c9e8e6cf0e codacy recommended updates 2017-02-17 14:20:43 -05:00
Jeremy Long
960a2e27ab formating and codacy recommended updates 2017-02-17 12:59:17 -05:00
Jeremy Long
ae5a95bfb3 merge #662 2017-02-17 12:13:45 -05:00
Jeremy Long
d6c9fea354 formating and codacy recommended updates 2017-02-17 12:03:11 -05:00
Jeremy Long
d6f1351f6b Merge pull request #657 from stefanneuhaus/accelerate-db-update_get-rid-of-treeset 
Accelerate CVE DB update: replace TreeSets in Vulnerability by HashSets
 2017-02-17 10:48:46 -05:00
Jeremy Long
373488adb4 codacy recommended updates 2017-02-17 10:31:25 -05:00
Stefan Neuhaus
59401cc9f8 cleanup/code style 2017-02-16 20:55:26 +01:00
Stefan Neuhaus
eca0e7a852 Fix integration test 2017-02-16 20:53:48 +01:00
Stefan Neuhaus
563dc24854 Parallelize retrieval of last modification timestamps 2017-02-16 08:59:09 +01:00
Stefan Neuhaus
3a70e25983 Refactoring: Move retrieval of last modified timestamps from UpdateableNvdCve to NvdCveUpdater 
- UpdateableNvdCve is from its nature more like a simple value object
- Facilitates performance optimization for retrieval of last modification timestamps
 2017-02-16 08:58:50 +01:00
Stefan Neuhaus
a9fc6bf02c cleanup: remove unused stuff 2017-02-16 08:58:36 +01:00
Stefan Neuhaus
cd4f09dc86 NvdCveUpdater: Refactor thread pool concept 
- Make thread pools members of the class to facilitate reuse
- Increase default max download thread pool size from 3 to 50 (should be fine for mostly blocking tasks like downloading)
 2017-02-16 08:58:14 +01:00
Stefan Neuhaus
0464626e2b Accelerate CVE DB update 
Vulnerability: switch vulnerableSoftware and references from expensive TreeSet to HashSet
 2017-02-11 20:46:28 +01:00
Jeremy Long
0b329bd40e added test case 2017-02-07 19:41:06 -05:00
Jeremy Long
3d33f24f09 Merge pull request #655 from suhand/master 
Minor spelling fixes
 2017-02-07 19:40:39 -05:00
Jeremy Long
886c02fad2 add configuration to remove FP based on parent-group/artifact from spring-boot 2017-02-07 06:24:34 -05:00
Jeremy Long
3a11504153 updated to prevent bundling of dependencies within WAR files 2017-02-07 06:22:55 -05:00
Jeremy Long
3a082ae00a minor update to #617 2017-02-07 06:06:53 -05:00
Suhan Dharmasuriya
780201845b Minor spelling fixes 2017-02-07 12:00:17 +05:30
Jeremy Long
0e0a4bb0b4 expanded hint rules so that they can remove evidence 2017-02-04 09:20:47 -05:00
Jeremy Long
5333083a78 fixed bug that caused ODC to fail if an invalid assembly was scanned 2017-01-28 08:13:27 -05:00
Jeremy Long
f39f754b7b reapplied fix for issue #601 2017-01-22 08:10:14 -05:00
Jeremy Long
c59615f452 patch for issue #510 and #512 2017-01-22 08:01:40 -05:00
Jeremy Long
847bed2fa0 added manifest implementation-version 2017-01-22 07:42:11 -05:00
Jeremy Long
a9af15f6f8 checkstyle/pmd suggested corrections 2017-01-21 08:47:52 -05:00
Rick Oosterholt
df8d4fd77c Minor change: When JAR reading errors occur, at least add the file name 
to the exception. Without it, finding the troubling JAR is hard.
 2017-01-18 13:52:17 +01:00
Jeremy Long
9d5769bb69 Merge branch 'issue575' 2017-01-15 11:19:37 -05:00
Jeremy Long
523cd23b6b filter version numbers for issue #575 2017-01-14 09:41:34 -05:00
Jeremy Long
8733a85ebb patch per issue#642 2017-01-13 06:53:26 -05:00
Jeremy Long
d9f0ffa742 Merge pull request #634 from hgschmie/enable_disable 
rework the enabled / disabled logic
 2017-01-08 08:18:12 -05:00
Jeremy Long
8d63ee19ed fix for Jenkins integration, updates to commit f47c6b0 2017-01-08 07:55:35 -05:00
Jeremy Long
6af0842838 added logging 2017-01-02 21:45:21 -05:00
Jeremy Long
4c49adf1ba reduced code duplication 2017-01-02 21:44:59 -05:00
Jeremy Long
5f4e4fab56 reduced code duplication 2017-01-02 21:43:51 -05:00
Jeremy Long
146d7e3fbf reduced code duplciation 2017-01-02 21:42:20 -05:00
Henning Schmiedehausen
def78a3cfd rework the enabled / disabled logic 
If an analyzer is disabled from the configuration, it should not be
initialized (because some of the may actually fail during that process
nor should the engine log in any way that those exist.

With these changes, it is possible for me to turn off unwanted
analyzers (e.g. Ruby analyzers for a java project) from the maven
plugin and not confuse my users with spurious misleading messages.
 2016-12-28 16:39:25 -08:00
Jeremy Long
63ad13ff7a added enabled properties per issue #612 2016-12-27 08:46:04 -05:00
Jeremy Long
dd92ec675f fixed error in tests 2016-12-27 08:45:42 -05:00
Jeremy Long
6e1512f7d9 added enabled setting (#612) and added additional checks to see if the update should occur (#631) 2016-12-27 08:45:01 -05:00
Jeremy Long
287b1df3fd added enabled settings for all analyzers per #612 2016-12-26 09:11:26 -05:00
Jeremy Long
38bf9b4ddb checkstyle recommendations 2016-12-22 07:32:04 -05:00
Jeremy Long
f9d3a9d8d8 Merge pull request #614 from stefanneuhaus/issue-613-fix-version-comparison 
Fix handling of numerical versions
 2016-12-22 06:58:26 -05:00
Jeremy Long
60e661d3a4 updated per issue #630 2016-12-22 06:55:26 -05:00