Added new ODC scans for Java libraries. Those can scan even transitive dependencies and can be run before adding a new library to a project.

2026-03-21 16:50:04 +01:00 · 2017-07-31 12:09:23 +02:00
parent bb0089cd97
commit 2049759430
31 changed files with 824 additions and 200 deletions
--- a/app/views/statistics/allLibraries.scala.html
+++ b/app/views/statistics/allLibraries.scala.html
@@ -14,7 +14,6 @@
        "all",
        allDependencies.sortBy(_.identifiers.toIndexedSeq.sortBy(i => (i.confidence.id, i.identifierType, i.name)).mkString(", ")),
        selectorOption = projectsWithSelection.selectorString,
-        expandByDefault = false,
        addButtons = false
    )

--- a/app/views/statistics/vulnerableLibraries.scala.html
+++ b/app/views/statistics/vulnerableLibraries.scala.html
@@ -62,15 +62,8 @@ $(document).ready(function(){
    </div>
    @dependencyList(
        "vulnerable",
-        vulnerableDependencies.sortBy(d => (
-                d.maxCvssScore.map(-_),                                                         // maximum CVSS score is the king
-                if(d.maxCvssScore.isEmpty) Some(-d.dependencies.size) else None,                // more affected dependencies if no vulnerability has defined severity
-                -d.vulnerabilities.size,                                                        // more vulnerabilities
-                -d.projects.size,                                                               // more affected projects
-                d.cpeIdentifiers.map(_.toCpeIdentifierOption.get).toSeq.sorted.mkString(" "))   // at least make the order deterministic
-        ),
+        vulnerableDependencies.sorted(severityOrdering),
        selectorOption = projectsWithSelection.selectorString,
-        expandByDefault = false,
        addButtons = false
    )
 }