DependencyCheck

mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 08:13:43 +01:00

Author	SHA1	Message	Date
Jeremy Long	9e63ac6d5b	Merge pull request #493 from awhitford/CommIO25 Commons-IO 2.5 upgrade	2016-05-02 19:26:52 -04:00
Jeremy Long	4d7ab8b187	Merge pull request #491 from mwieczorek/MSSQL_Support MSSQL Support	2016-05-02 19:25:39 -04:00
Jeremy Long	4de9818bee	original CVE used in test does not exist in the current default DB used for tests.	2016-05-01 20:16:30 -04:00
Jeremy Long	7a2e1fd221	updated bundle audit score to be more accurate	2016-05-01 15:39:12 -04:00
Jeremy Long	35ffd56ea9	fixed compile issues in PR	2016-04-30 11:20:26 -04:00
Jeremy Long	84b992d3a1	Merge branch 'fix-cvss-for-bundle-audit' of git://github.com/geramirez/DependencyCheck into geramirez-fix-cvss-for-bundle-audit	2016-04-30 11:02:16 -04:00
Jeremy Long	9e46364759	updated test cases to track down build issue	2016-04-30 10:56:50 -04:00
Dave Goddard	0f37c2b59c	Adding sinatra fixture Signed-off-by: Gabriel Ramirez <gabriel.e.ramirez@gmail.com>	2016-04-29 16:17:51 -04:00
Michal Wieczorek	33852ea7e3	MSSQL Support	2016-04-27 23:35:05 +02:00
Anthony Whitford	4fbed1cdac	Added Charset to avoid deprecated FileUtils methods.	2016-04-27 01:37:00 -07:00
David Jahn	8c6b9f9c68	Fixed CVSS for Ruby. this bug was discovered when scanning ruby applications and getting back `-1` cvss. this turns out to be a problem with bundle-audit cve database. Our solution was to use the NVD database, which dependency check uses to get the CVSS scores for Ruby only if the Criticality is missing from bundle-audit output. Keep in mind there are compilation errors with the commit atm. Fixes #485 Signed-off-by: Gabriel Ramirez <gabriel.e.ramirez@gmail.com>	2016-04-25 09:40:54 -04:00
Jeremy Long	abebecac4a	updated parser and tests to revert to old suppression schema if new schema fails	2016-04-24 09:06:00 -04:00
Jeremy Long	87efe429da	fixed broken schema	2016-04-24 09:05:26 -04:00
Jeremy Long	deda02f879	updated suppression schema to require a CPE, CVE, or CVSS Below per issue #488	2016-04-24 07:20:11 -04:00
Jeremy Long	bcc2478ef7	snapshot version	2016-04-24 07:17:42 -04:00
Jeremy Long	8722eae766	version 1.3.6	2016-04-10 07:06:07 -04:00
Jeremy Long	53776936ca	fix FP per issue #469	2016-04-09 11:27:08 -04:00
Jeremy Long	dca465b801	fixed minor warning about file encoding during build	2016-04-09 07:31:40 -04:00
Jeremy Long	0b699d45bf	Merge pull request #467 from colezlaw/python-init Patch for jeremylong/DependencyCheck/#466	2016-03-25 19:35:06 -04:00
Jeremy Long	54beafa262	Merge pull request #475 from biancajiang/master Fix test to skip the proper test case when bundle-audit is not available	2016-03-25 19:34:34 -04:00
Jeremy Long	531d4923eb	Merge pull request #470 from MrBerg/suppress-osvdb Make it possible to suppress vulnerabilities from OSVDB	2016-03-25 19:33:43 -04:00
Swapnil S. Mahajan	ca54daf456	Added primary key to "software" table "software" is a bridge table so there should always be only one record for a pair of cpeEntryId and cveid.	2016-03-25 16:55:53 +05:30
bjiang	a22fc550b3	#472 fix test to only skip the proper test case.	2016-03-21 11:38:52 -04:00
bjiang	343a78917c	Fixed #472 . Disable RubyBundleAuditAnalyzer if exception during initialize. changes: 1. disable self during initialize before bubbling exception 2. new test case RubyBundleAuditAnalyzerTest#testMissingBundleAudit()	2016-03-20 17:06:03 -04:00
bjiang	ff7d0fdb9d	#472 first fix and improve RubyBundleAuditAnalyzerTest.java Test were failing b/c Gemfile.lock and Gemfile were missing. The files were missing b/c parent .gitignore them. Changes: 1. Force added new test files, and updated test with more result validation. 2. Added error logging from bundle-audit. 3. place holder for bundle-audit install directory in test dependencycheck.properties.	2016-03-20 15:54:24 -04:00
Jonas Berg	db26b46be0	Make it possible to suppress vulnerabilities from OSVDB	2016-03-16 13:59:23 +02:00
Will Stranathan	d77a70c360	Patch for jeremylong/DependencyCheck/#466 This does two things: 1) Updates the PythonPackageAnalyzer to HIGH evidence for __init__.py 2) Removes evidence from the FileNameAnalyzer for __init__.py[co]? TODO: Need for the PythonPackageAnalyzer to still add evidence for __init__.py[co] even though it won't be able to analyze the contents of it. Also, need to work up the tree for __init__.py files to get the parent folders (not sure why subfolders are not being inspected).	2016-03-12 15:09:43 -05:00
Chad Van Wyhe	ac04c173a8	fixed trigger compilation and added version number	2016-03-07 12:55:18 -06:00
Jeremy Long	a19dd7687e	v 1.3.6-SNAPSHOT	2016-03-05 16:13:29 -05:00
Jeremy Long	550d6ca083	v1.3.5	2016-03-05 16:08:59 -05:00
Jeremy Long	cdc07047aa	doclint fixes	2016-03-05 13:18:37 -05:00
Jeremy Long	c832c2da28	doclint fixes	2016-03-05 13:18:37 -05:00
Jeremy Long	8daa713639	doclint fixes	2016-03-05 13:18:36 -05:00
Jeremy Long	e0a2966706	doclint fixes	2016-03-05 13:18:36 -05:00
Jeremy Long	354bfa14f9	doclint fixes	2016-03-05 13:18:35 -05:00
Jeremy Long	46b91702ba	doclint fixes	2016-03-05 13:18:35 -05:00
Jeremy Long	de9516e368	doclint fixes	2016-03-05 13:18:35 -05:00
Jeremy Long	3924e07e5c	doclint fixes	2016-03-05 13:18:34 -05:00
Jeremy Long	76bcbb5a7e	doclint fixes	2016-03-05 13:18:34 -05:00
Jeremy Long	8022381d1c	doclint fixes	2016-03-05 13:18:33 -05:00
Jeremy Long	feb1233081	doclint fixes	2016-03-05 13:18:33 -05:00
Jeremy Long	36eefd0836	doclint fixes	2016-03-05 13:18:32 -05:00
Jeremy Long	0e31e59759	doclint fixes	2016-03-05 13:18:32 -05:00
Jeremy Long	4a4c1e75da	doclint fixes	2016-03-05 13:18:32 -05:00
Jeremy Long	b0bfd2292a	doclint fixes	2016-03-05 13:18:31 -05:00
Jeremy Long	7214b24357	doclint fixes	2016-03-05 13:18:31 -05:00
Jeremy Long	24637f496f	doclint fixes	2016-03-05 13:18:30 -05:00
Jeremy Long	d8ecde5265	doclint fixes	2016-03-05 13:18:30 -05:00
Jeremy Long	28840c6209	doclint fixes	2016-03-05 13:18:29 -05:00
Jeremy Long	1696213406	doclint fixes	2016-03-05 13:18:29 -05:00

1 2 3 4 5 ...

1642 Commits