github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-01-13 15:23:59 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity
168 Commits 3 Branches 0 Tags
master
Commit Graph

145 Commits

Author SHA1 Message Date
Šesták Vít
fdd5b9f8d5 Fixed timestamp parsing 2020-01-31 13:43:12 +01:00
Šesták Vít
822bb956d1 Fix outdated vulnerability database check 2020-01-31 07:34:11 +01:00
Šesták Vít
c537a5c5c5 Adapt for new version of ODC database 2020-01-31 02:19:48 +01:00
Šesták Vít
52c3228ac3 Add support for newer ODC 2020-01-31 00:53:40 +01:00
Šesták Vít
2db75d0617 Switch to PostgreSQL 2020-01-23 10:02:05 +01:00
Šesták Vít
7dfe71b8b9 Added Maven internal dependencies to API 2019-06-05 16:00:04 +02:00
Šesták Vít
f7d6fa0f8e Filter profiles on a better place 2019-01-21 13:00:48 +01:00
Šesták Vít
8077c249c9 Blacklist some directories as framework names 2019-01-21 10:24:44 +01:00
Šesták Vít
8b8c072510 Added support for scanning of non-JAR packages from Maven 2018-10-22 12:49:17 +02:00
Šesták Vít
ef5d7e911d Update for support of ODC 3.3.2 2018-09-26 15:35:02 +02:00
Šesták Vít
181a4c596c Adjusted formatting of library identifiers in vulnerability details 2018-04-16 10:34:50 +02:00
Šesták Vít
a2a4ee01c7 Report proper error messages when filter is wrong project or wrong team 2018-03-21 10:45:11 +01:00
Šesták Vít
e6e9d4c940 Added API endpoint for statistics. 2018-03-21 10:15:28 +01:00
Šesták Vít
dcc109a729 Added support for scanning transitive dependencies for .NET libraries (except those with unlimited set of supported TMFs). 2018-03-07 13:59:43 +01:00
Šesták Vít
d87535df84 Added warning for WebJars other than NPM. 2018-03-02 15:57:42 +01:00
Šesták Vít
15f8319de9 Added API for lisling vulnerabilities 2018-03-02 07:43:07 +01:00
Šesták Vít
d56ffbccc6 Makes also working directory fixed for a single scan. Also, ODC path is resolved from working directory. As a result, one can atomically swap symlinks without affecting ongoing scans. 2018-02-28 17:16:07 +01:00
Šesták Vít
bc2e6589fb Make ODC installation fixed during a single scan. As a result, one can atomically swap symlinks without affecting ongoing scans. 2018-02-28 13:07:36 +01:00
Šesták Vít
9836c5040f Fix support for empty CVSS score tags. 2018-02-14 15:42:03 +01:00
Šesták Vít
e766abf38c Adapted for current ODC output format 2018-02-14 09:21:42 +01:00
Šesták Vít
8095deae70 Fixed handling of slightly diverging dependencies (e.g., different filename) when comparing scans. It used to be considered as two separate dependencies. This caused such dependencies to appear in both added and removed dependencies. 2018-02-05 10:36:47 +01:00
Šesták Vít
d57b9aeb97 Added support for installed plugins in Maven scans. 2017-12-20 15:06:12 +01:00
Šesták Vít
5f9546934e When comparing, also list vulnerable dependencies 2017-12-08 17:08:59 +01:00
Šesták Vít
644bd3b539 Give more information when comparing commits. 2017-12-08 15:58:08 +01:00
Šesták Vít
9343619ca9 Initial support for virtual dependencies. 
Well, they will probably not work anyway, because they don't have hashes. But at this point, at least the parser does not crash at isVirtual="false"
 2017-12-08 12:20:07 +01:00
Šesták Vít
39ba123efc Added support for comparison of scans 2017-12-08 10:18:25 +01:00
Šesták Vít
2e21f78105 Added search for newer NuGet 2017-11-15 16:28:31 +01:00
Šesták Vít
0735ef5dd2 Added a minor comment 2017-11-15 16:28:02 +01:00
Šesták Vít
53890026b4 Removed unneeded library 2017-10-16 16:56:57 +02:00
Šesták Vít
65232504cb Updated confidence highlighting 2017-10-16 09:24:55 +02:00
Šesták Vít
2a95b07b54 Added more fail safety for vulnerability export. 
This should affect all exports when a vulnerability disappears.
 2017-10-11 16:54:40 +02:00
Šesták Vít
cdb31dcc4e Failsafe behavior for e-mail notifications. 
If the vulnerability is not found, it now does its best for providing relevant information. Even if no additional information (other than vulnerability identifier) can be provided, it does not cause an exception when sending e-mail. Which is the main point of this improvement.
 2017-10-11 15:48:20 +02:00
Šesták Vít
8688ffd730 Added identifier confidence 2017-10-09 15:46:23 +02:00
Šesták Vít
1097e77d1c Preffer CPE identifiers 2017-10-09 15:01:04 +02:00
Šesták Vít
e43cee7743 E-mail export: More descriptive error message when some vulnerability is missing 2017-10-06 11:05:57 +02:00
Šesták Vít
876086ce3f Fixed issue with newlines in JIRA export 2017-10-06 10:06:53 +02:00
Šesták Vít
629b42d943 Added throttling to JIRA in order to make it more server friendly 2017-09-11 23:48:38 +02:00
Šesták Vít
a155188fec Fixed affected projects not appearing in some views 2017-08-02 09:55:41 +02:00
Šesták Vít
f8e073cc54 .NET scans are now able to detect a missing library 2017-08-01 16:26:55 +02:00
Šesták Vít
4ac4b7b501 Improved main library detection for .NET 2017-08-01 16:14:55 +02:00
Šesták Vít
9a93099f60 Added config option for NuGet -source 2017-08-01 16:04:19 +02:00
Šesták Vít
22e4cff12b Added .NET scans. 2017-08-01 15:28:34 +02:00
Šesták Vít
b23cc3e3dc Menu made smaller in order to better fit all the items 2017-08-01 09:47:04 +02:00
Šesták Vít
2d1198d7cc Changed plot descriptions 2017-07-31 16:19:28 +02:00
Šesták Vít
0ec8928ff7 Moved Status to “…” 2017-07-31 16:19:13 +02:00
Šesták Vít
2049759430 Added new ODC scans for Java libraries. Those can scan even transitive dependencies and can be run before adding a new library to a project. 2017-07-31 14:35:03 +02:00
Šesták Vít
bb0089cd97 Added forgotten file 2017-06-28 10:49:29 +02:00
Šesták Vít
420a765dc4 Added a proper error message for a missing library 2017-06-28 09:15:55 +02:00
Šesták Vít
ffabc8a4e5 Added support for brand 2017-06-21 13:06:35 +02:00
Šesták Vít
b00857368a Added throttling to reduce Bamboo peak load and number of concurrent connections 2017-06-21 10:18:39 +02:00