github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-05-23 15:27:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,376 Commits 7 Branches 56 Tags
cb75ab8cca20c19d9b6195349a12d34ac4972b1d
Commit Graph

1937 Commits

Author SHA1 Message Date
Anthony Whitford 85604e8afa Logback-core is a transitive dependency from logback-classic -- no need to explicitly mention it. JSoup type is jar by default, so no need to mention that. SLF4J-Ext does not seem to be used, so can drop that. H2 only has runtime scope. 2015-09-07 16:01:10 -07:00
Anthony Whitford 9a45c9aa7c Removed unused Cal10n MessageConveyor. 2015-09-07 15:21:54 -07:00
Anthony Whitford 01450bacc2 Removed a redundant null check, and replaced an addAll with the constructor population. 2015-09-07 14:51:26 -07:00
Anthony Whitford af0255ee09 Rather than create a collection, then call addAll to populate, the collection can be created with the collection to clone. 2015-09-07 14:48:23 -07:00
Anthony Whitford df25bbb6d2 Replaced json iteration with more efficient entrySet. Also corrected an invalid logging statement. 2015-09-07 14:43:34 -07:00
Anthony Whitford 444685bc05 Inner class should be static (since it doesn't reference parent). 2015-09-07 14:40:32 -07:00
Jeremy Long 1f48af024e Merge pull request #338 from awhitford/PomCleanup 
Pom cleanup
 2015-09-07 07:34:07 -04:00
Anthony Whitford 514f8398e2 Upgraded commons-lang-2.6 to newer commons-lang3-3.4. 2015-09-07 01:09:41 -07:00
Anthony Whitford 6d70332cd6 Centralized the Versions report to the parent pom. 2015-09-06 22:21:50 -07:00
Anthony Whitford 717f6240e3 Centralized javadoc reporting to parent pom. 2015-09-06 20:51:56 -07:00
Anthony Whitford d0f884f5b2 Centralized the maven-surefire-report-plugin to the parent pom. Note that gradle and jenkins modules are skipped since it does not apply. 2015-09-06 12:56:36 -07:00
Anthony Whitford 51e66354b0 No need to explicitly add a jar goal when it implicitly exists already for a jar module. 2015-09-06 11:18:56 -07:00
Anthony Whitford a32fa69823 Moved taglist-maven-plugin to the parent pom. (Gradle and Jenkins modules don't have them -- before or after.) This will make it easier to manage and evolve. 2015-09-06 01:29:17 -07:00
Anthony Whitford 5c53b6528f Centralized the findbugs-maven-plugin to the parent pom. Gradle and Jenkins modules skip it naturally. The onlyAnlyze setting for utils is maintained via a property. Also was able to upgrade to latest plugin, version 3.0.2. 2015-09-06 00:51:28 -07:00
Anthony Whitford 9b92007eff Centralized cobertura plugin to the parent pom and was able to upgrade it from 2.6 to 2.7. 2015-09-06 00:23:24 -07:00
Anthony Whitford e433809f4d Moved maven-jxr-plugin and maven-project-info-reports-plugin reporting declarations into the parent pom. No need to duplicate in child modules. Utils did not have project-info reports, but there does not seem to be a good reason. Also note that the JXR plugin is naturally skipped when it does not apply (there is no java code), so not necessary to explicitly skip it for gradle and jenkins modules. 2015-09-05 23:57:53 -07:00
Jeremy Long 3bb716b060 Merge pull request #336 from awhitford/Timing 
Added time measurements for key steps.
 2015-09-05 21:08:05 -04:00
Jeremy Long 784b78b17c added another timer to pull #336 2015-09-05 21:07:29 -04:00
Jeremy Long d452c5fabb fixed shift operator per issue #335 2015-09-05 20:56:18 -04:00
Anthony Whitford 92e1fd3f28 Added time measurements for key steps. 2015-09-05 00:31:50 -07:00
Dale Visser 1e29d2e751 Merge branch 'upmaster' into ruby-bundler 
Conflicts:
	dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
 2015-08-30 15:11:33 -04:00
Dale Visser a0437bf933 Ruby bunder: Code needed to disable the analyzer in the CLI if desired. 2015-08-30 15:07:21 -04:00
Dale Visser 73e0292a4b Ruby Bundler: Added informative message about updating DB. Switched most log messages to debug level. 2015-08-30 14:52:55 -04:00
Dale Visser c393e74160 Ruby bundler: Better message and logging when bundle-audit not found. 2015-08-30 14:31:58 -04:00
Dale Visser 80c4666198 Ruby bundler: More method extractions to eliminate monolithic method. 2015-08-30 14:16:32 -04:00
Dale Visser ea7bd1f700 Ruby bundler: tidied up how extracted method is used. 2015-08-30 14:06:47 -04:00
Dale Visser b3a55cc85d Ruby bundler: extracted method 2015-08-30 13:57:30 -04:00
Dale Visser 036200350d Ruby bundler: add needed null checks to avoid NPEs. 2015-08-30 13:50:22 -04:00
Dale Visser 713e9658c5 Ruby bundler: got description working. Added boilerplate text describing differences from standard D-C vulnerability report. 2015-08-29 12:29:44 -04:00
Dale Visser 782039810e Ruby Bundler: Added URL to report. 2015-08-29 11:33:16 -04:00
Dale Visser b473d8ab9c Ruby Bundler: Added URL to report. 2015-08-29 11:28:38 -04:00
Dale Visser 2eb6918fb3 Ruby Bundler: Clean up report a little bit, and grouped vulnerabilities under dependencies, when appropriate. 2015-08-29 11:06:24 -04:00
Dale Visser 6f4ce34840 Ruby Bundler: Added CVSS score and a little hack to avoid dependency bundling. 2015-08-28 21:31:01 -04:00
Dale Visser 8853552161 Ruby Bundler: Successfully adding vulnerability into report, though all displayed info not looking great. 2015-08-28 19:56:35 -04:00
Dale Visser 95d3d17d83 Ruby Bundler: Now successfully creating temp files for dependency objects. 2015-08-28 13:58:49 -04:00
Jeremy Long c41a288280 added null checks 2015-08-28 05:27:00 -04:00
Dale Visser a0492fe944 Merge branch 'upmaster' into ruby-bundler 
Conflicts:
	dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
 2015-08-27 14:05:36 -04:00
Dale Visser c60245ea2b Node.js Analyzer: Switched from org.json to Glassfish JSR 353 reference implementation. 2015-08-25 17:28:17 -04:00
Dale Visser 9e25480baa Merge branch 'upmaster' into node-js-analyzer 
Conflicts:
	dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
	dependency-check-cli/src/site/markdown/arguments.md
	dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
 2015-08-25 13:03:12 -04:00
Jeremy Long e484c5754e Merge pull request #312 from dwvisser/rubygems-analyzer-pr 
Rubygems analyzer
 2015-08-25 05:31:10 -04:00
Jeremy Long 481e753ad4 corrected spring-security false positives per issue #319 and #311 2015-08-23 06:45:35 -04:00
Dale Visser 271016f0fa Added verbose flag to get as much reportable info as possible. 2015-08-19 15:33:50 -04:00
Dale Visser 4493f895c6 Added test resources to cover interesting bundle-audit cases. 2015-08-19 15:26:17 -04:00
Dale Visser 5c32ecd8e1 Ruby Analyzer: Added bundle-audit analyzer. So far just launches if available and logs the output. 2015-08-18 16:59:39 -04:00
Dale Visser 2db1f8d2b6 Random fixes to issues found by IntelliJ IDEA code inspection. 2015-08-17 18:55:51 -04:00
Dale Visser 235869fc79 rubygems: Reformat and consisitent parameter naming in private methods. 2015-08-12 12:08:05 -04:00
Dale Visser 89166e81fb rubygems: Add summary to evidence, inline constants that were only being used once. 2015-08-12 12:08:05 -04:00
Dale Visser 2d109b81cf rubygems: Used substring(int) to remove the need for Matcher.find(int). 
Also fixed javadoc, made some variables final, shortened a variable name.
 2015-08-12 12:06:18 -04:00
Dale Visser 5c02b4dccb rubygems: Added new analyzer to META-INF/services. Confirmed correlation with CPE in CLI. 2015-08-12 12:06:18 -04:00
Dale Visser e7f154b58d rubygems: Various refactoring improvements. 2015-08-12 12:00:56 -04:00