Commit Graph

  • a7fd410b01 stopped trimming org and com off of the groupid so it is consistent with other analyzers Jeremy Long 2014-11-01 06:51:05 -04:00
  • d281c36733 updated suppression rule for jersey-client Jeremy Long 2014-11-01 06:35:28 -04:00
  • dc91e44c0a added jersey-client 1.11.1 as an optional test dependency Jeremy Long 2014-11-01 06:35:05 -04:00
  • 7967a858f4 Merge branch 'ctrl-alt-dev-master' Jeremy Long 2014-10-25 08:10:14 -04:00
  • 2081407e38 added pom evidence to dependency - yes, this moves some analysis to the plugin; but in this case that is okay and will allow future enhancements Jeremy Long 2014-10-25 08:09:45 -04:00
  • 976eabd527 noop Jeremy Long 2014-10-25 08:08:26 -04:00
  • b6d6a5de2b minor changes to clean up test cases Jeremy Long 2014-10-25 08:07:56 -04:00
  • 2d58cfe0ce fixed link to the NVD Jeremy Long 2014-10-25 08:07:20 -04:00
  • 9df8bdff5f cleaned up code to use isEmpty instead of "".equals(string) Jeremy Long 2014-10-25 08:06:56 -04:00
  • c86b821951 suppressed warning on unchecked cast Jeremy Long 2014-10-25 08:06:15 -04:00
  • 4def086bf9 removed comments Jeremy Long 2014-10-25 08:05:26 -04:00
  • 885c890d7d changed the analyzer to use the actual file name rather than the display name Jeremy Long 2014-10-25 08:05:01 -04:00
  • 06060a6694 improved error handling of invalid search strings Jeremy Long 2014-10-25 08:04:33 -04:00
  • 70667814f6 changed display name of files contained in archives so that it doesn't look like an invalid path Jeremy Long 2014-10-25 08:03:47 -04:00
  • 766b7a940c changed scan methods to return a list of dependencies instead of void Jeremy Long 2014-10-25 08:02:36 -04:00
  • 0c37586357 added Xlint:unchecked Jeremy Long 2014-10-25 08:00:11 -04:00
  • b4aa55ce1f Merge branch 'master' of github.com:ctrl-alt-dev/DependencyCheck into ctrl-alt-dev-master Jeremy Long 2014-10-24 05:36:40 -04:00
  • 109443ce77 changed the name property of dependencies identified within an archive Jeremy Long 2014-10-23 06:09:39 -04:00
  • 5f38741831 Initial checkin of work on a Solr analyzer which will replace Nexus on Internet checks Will Stranathan 2014-10-16 15:04:50 -04:00
  • c6f391501d added test case for patch to issue #156 Jeremy Long 2014-10-22 21:43:23 -04:00
  • d1f3105fbd added appropriate sorting to resolve issue #156 Jeremy Long 2014-10-22 21:42:51 -04:00
  • 8f88ca9d3d corrected compareTo to use file path, not just file name Jeremy Long 2014-10-22 21:12:40 -04:00
  • f9e4ca0cc2 corrected javadoc Erik Hooijmeijer 2014-10-22 19:10:54 +02:00
  • 5caf023677 added excludeInternalGroupIds configuration parameter that allows the exclusion of groupIds of internal projects. This is to speed up analysis as internal projects have no public vulnerabilities nor a sonatype listing but do frequently have names that collide with other libraries. The parameter can have multiple values, e.g. <excludeInternalGroupIds><groupId>nl.someinteral.project</groupId><groupId>org.another.one</groupId></excludeInternalGroupIds> Erik Hooijmeijer 2014-10-22 19:08:33 +02:00
  • 35c2f4873c values from the project pom.xml are now taken into account as well Erik Hooijmeijer 2014-10-21 20:09:54 +02:00
  • 1ed7bab375 additional updates for issue #162, if no pom is present in the jar, but it exists in the repo the pom from the repo will be used Jeremy Long 2014-10-17 20:55:58 -04:00
  • f0d1bfb777 added an additional suppression for issue #162 Jeremy Long 2014-10-16 06:57:24 -04:00
  • 42519ac843 version 1.2.6-SNAPSHOT Jeremy Long 2014-10-14 06:28:14 -04:00
  • 8869e13385 Merge pull request #161 from hansjoachim/exceptionTests Jeremy Long 2014-10-13 05:47:54 -04:00
  • 8f9cbfe806 Unrelated: remove unused before/after Hans Joachim Desserud 2014-10-12 18:29:27 +02:00
  • 6481938626 Test for exceptions with ExpectedException Hans Joachim Desserud 2014-10-12 18:27:03 +02:00
  • 9c7cc2acbf corrected the documentation Jeremy Long 2014-10-10 20:03:36 -04:00
  • 89a57d4ed3 removed velocity-tools to close issue #160 Jeremy Long 2014-10-10 06:36:47 -04:00
  • 732378592b corrected link to the unfortunate realities pdf Jeremy Long 2014-10-08 06:47:27 -04:00
  • ee9ea74a87 fixed link Jeremy Long 2014-10-08 06:30:53 -04:00
  • 19dc46660b corrected link to the unfortunate realities pdf Jeremy Long 2014-10-08 06:21:55 -04:00
  • 4aad3471af fixed javadoc Jeremy Long 2014-10-08 06:21:20 -04:00
  • b31c4d94c4 version 1.2.5 of the documentation Jeremy Long 2014-09-17 05:43:14 -04:00
  • 533b455356 Merge remote-tracking branch 'origin/master' Steve Springett 2014-09-16 18:52:44 -05:00
  • 92bd305b00 version 1.2.5 v1.2.5 Jeremy Long 2014-09-16 19:47:17 -04:00
  • f71eb09f74 updated sample report Jeremy Long 2014-09-16 19:47:07 -04:00
  • 83d4a7bc18 moved test case dependency, jersey client, to the allTests profile Jeremy Long 2014-09-16 05:24:43 -04:00
  • 58807d9021 Merge remote-tracking branch 'origin/master' Steve Springett 2014-09-15 01:11:34 -05:00
  • 29595324c4 added suppression rules for jersey-client Jeremy Long 2014-09-13 07:10:17 -04:00
  • f9064e526f added test jar to the extended profile test dependencies Jeremy Long 2014-09-13 07:09:54 -04:00
  • 93ec2e8639 fixed javadoc Jeremy Long 2014-09-13 05:50:49 -04:00
  • 0e2a31709a added test cases to ensure setting the base flag will prevent the identifier from being added to the suppressedIdentifiers collection Jeremy Long 2014-09-13 05:45:05 -04:00
  • c785b39eda added assertion to validate that the base flag is being processed Jeremy Long 2014-09-13 05:44:09 -04:00
  • 8fab2f58da added the base property and skipped adding the vulnerability or identifier to the suppressed collection if this is a base suppression rule Jeremy Long 2014-09-13 05:43:16 -04:00
  • e44ee3bfe1 added parsing of the base flag Jeremy Long 2014-09-13 05:42:01 -04:00
  • 62065c9d28 corrected the removal of an identifier so that iterator.remove was correctly used Jeremy Long 2014-09-13 05:41:26 -04:00
  • c76275275f added the base=true flag to all base suppressions Jeremy Long 2014-09-13 05:40:37 -04:00
  • 257f78879d added base attribute to suppression rules Jeremy Long 2014-09-13 05:40:06 -04:00
  • 894263809c added base flag to one suppression entry Jeremy Long 2014-09-13 05:39:38 -04:00
  • bc9458101c Merge remote-tracking branch 'origin/master' Steve Springett 2014-09-12 10:50:08 -05:00
  • c503935d6a updated to correctly close the ObjectOutputStream based on guidance from the CERT Java Secure Coding Standard Jeremy Long 2014-09-12 06:36:00 -04:00
  • d4756c9eb8 updated base suppression list to include sandbox:sandbox - a php app Jeremy Long 2014-09-12 06:34:23 -04:00
  • 0004767775 added fix for issue #147 to address springsource, non-core spring, jars being identified as cpe://a:springsource:springframwork Jeremy Long 2014-09-10 17:55:04 -04:00
  • 74908642c7 added test dependency Jeremy Long 2014-09-10 17:39:31 -04:00
  • aadfb71c98 fixed test case by removing a temporary test entry in DetermineCPE_full Jeremy Long 2014-09-10 17:37:54 -04:00
  • 1244af649d updated to improve CPE matching so that if a broad match occurred (cpe with no version number) we use the highest confidence version when generating the CPE identifier Jeremy Long 2014-09-09 15:10:08 -04:00
  • 7bd48cc811 updated version analysis to reduce false positives and increase accurate detection Jeremy Long 2014-09-09 15:07:28 -04:00
  • 8f3ce38418 re-ordered operations so that a new lucene index is no longer created on each call to calDetermineCPE_full Jeremy Long 2014-09-07 08:28:44 -04:00
  • 1b2d9b4245 fixed minor display bug Jeremy Long 2014-09-07 07:20:45 -04:00
  • c6b2b34fde removed duplicative test of downloading XML Jeremy Long 2014-09-07 06:59:50 -04:00
  • e58fc13fdb additional looping corrections in determineCPE() to break early if an identifier is found Jeremy Long 2014-09-06 19:09:38 -04:00
  • 922d53d2e4 Increased the confidence on the pom artifact and groupid Jeremy Long 2014-09-06 19:08:22 -04:00
  • fec53b3951 corrected looping in determineCPE() Jeremy Long 2014-09-06 06:37:12 -04:00
  • e72e2c6a02 corrected documentation error with the reporting sets Jeremy Long 2014-09-01 08:19:46 -04:00
  • 08d001ee05 checkstyle corrections Jeremy Long 2014-09-01 08:13:53 -04:00
  • 99d8a07f4a updated documentation as part of resolution for issue #144 Jeremy Long 2014-09-01 08:13:34 -04:00
  • eef565134b update to correct issue #79 - the internal report format is no longer supported Jeremy Long 2014-09-01 07:39:54 -04:00
  • 9d78293437 fix for issue #128 - the application will no longer throw an exception on large files when generating the hash digest Jeremy Long 2014-09-01 07:30:04 -04:00
  • fc0a556e5f checkstyle and findbugs corrections Jeremy Long 2014-08-30 15:51:24 -04:00
  • b6b070584f checkstyle corrections, added javadoc, etc. Jeremy Long 2014-08-30 15:19:52 -04:00
  • e13225eee6 initial version of aggregation completed for issue #19 - some cleanup still needs to happen before final release Jeremy Long 2014-08-30 07:50:27 -04:00
  • da20fb2922 added velocity-tools to base suppression as it should not be reported as struts Jeremy Long 2014-08-30 07:48:02 -04:00
  • 459c2beb12 noop Jeremy Long 2014-08-29 05:41:31 -04:00
  • f1cc44dead removed the externalReport option Jeremy Long 2014-08-29 05:38:40 -04:00
  • d24cfdc382 resolved merge conflict Jeremy Long 2014-08-16 07:41:55 -04:00
  • ae4cc543f6 corrected outputFile name to correctly use the target directory from project.getBuild().getDirectory() Jeremy Long 2014-08-16 07:30:34 -04:00
  • abdb3d17f9 added initial plumbing to support report aggregation per issue #19 - report aggregation is still not complete Jeremy Long 2014-08-16 07:29:35 -04:00
  • 4095c5da38 made serializable Jeremy Long 2014-08-16 07:27:28 -04:00
  • 78fab728e4 added an additional generate method Jeremy Long 2014-08-15 06:22:54 -04:00
  • 52097a6867 initial version of the ReportAggregationMojo Jeremy Long 2014-08-15 06:02:04 -04:00
  • cb990b55b5 added the apache 2.0 license to the header Jeremy Long 2014-08-15 06:00:30 -04:00
  • 5070fe303a added the configuration value mavenSettingsProxyId to inform users that if you have multiple proxies defined in settings.xml you can choose which one should be used Jeremy Long 2014-08-15 05:59:39 -04:00
  • b4405ebf3e minor changes to the TOC table - removed # of related dependencies and renamed CVE Impact to Highest Severity to clear up ambiguity Jeremy Long 2014-08-15 05:58:10 -04:00
  • d9e6bf5068 Merge pull request #145 from erik-wramner/fix-maven-proxy-bug Jeremy Long 2014-08-15 05:37:14 -04:00
  • 6822188f52 Modified Maven plugin to use proxy host as is, not as a URL. This works correctly for our proxy server with Maven 3. erik-wramner 2014-08-10 12:15:00 +02:00
  • 15858d03ff moved reporting functions from the core maven plugin to a utility class Jeremy Long 2014-08-08 14:44:26 -04:00
  • 814a733258 moved reporting functions from the core maven plugin to a utility class Jeremy Long 2014-08-08 14:43:00 -04:00
  • 3ce85d8ca9 rework of report generation and added fix for proxy (patch for proxy was from Erik Wramner) to close issue #136 Jeremy Long 2014-08-08 14:42:23 -04:00
  • d3bff2f39d version 1.2.5-SNAPSHOT Jeremy Long 2014-08-05 18:55:30 -04:00
  • c9a8bb3969 version 1.2.4 of site documentation Jeremy Long 2014-08-05 18:48:58 -04:00
  • f2272730ac version 1.2.4 v1.2.4 Jeremy Long 2014-08-05 18:45:36 -04:00
  • fe19c97d86 corrected link syntax Jeremy Long 2014-08-05 18:45:25 -04:00
  • d49556bf3d Merge remote-tracking branch 'origin/master' Steve Springett 2014-08-05 14:25:20 -05:00
  • 56b447493e added additional error messages about the proxy if the download fails per issue #136 Jeremy Long 2014-08-05 10:58:43 -04:00
  • e45b68eda7 fixed issue #140 - false positive is now suppressed Jeremy Long 2014-08-05 10:44:33 -04:00