github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-01-14 15:53:53 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity
157 Commits 3 Branches 0 Tags
ef5d7e911d3d2e17fbbe530792f5b23fe278dfba
Commit Graph

157 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Šesták Vít
ef5d7e911d Update for support of ODC 3.3.2 2018-09-26 15:35:02 +02:00
Šesták Vít
181a4c596c Adjusted formatting of library identifiers in vulnerability details 2018-04-16 10:34:50 +02:00
Šesták Vít
a2a4ee01c7 Report proper error messages when filter is wrong project or wrong team 2018-03-21 10:45:11 +01:00
Šesták Vít
e6e9d4c940 Added API endpoint for statistics. 2018-03-21 10:15:28 +01:00
Šesták Vít
dcc109a729 Added support for scanning transitive dependencies for .NET libraries (except those with unlimited set of supported TMFs). 2018-03-07 13:59:43 +01:00
Šesták Vít
d87535df84 Added warning for WebJars other than NPM. 2018-03-02 15:57:42 +01:00
Šesták Vít
15f8319de9 Added API for lisling vulnerabilities 2018-03-02 07:43:07 +01:00
Šesták Vít
d56ffbccc6 Makes also working directory fixed for a single scan. Also, ODC path is resolved from working directory. As a result, one can atomically swap symlinks without affecting ongoing scans. 2018-02-28 17:16:07 +01:00
Šesták Vít
bc2e6589fb Make ODC installation fixed during a single scan. As a result, one can atomically swap symlinks without affecting ongoing scans. 2018-02-28 13:07:36 +01:00
Šesták Vít
9836c5040f Fix support for empty CVSS score tags. 2018-02-14 15:42:03 +01:00
Šesták Vít
e766abf38c Adapted for current ODC output format 2018-02-14 09:21:42 +01:00
Šesták Vít
8095deae70 Fixed handling of slightly diverging dependencies (e.g., different filename) when comparing scans. It used to be considered as two separate dependencies. This caused such dependencies to appear in both added and removed dependencies. 2018-02-05 10:36:47 +01:00
Šesták Vít
d57b9aeb97 Added support for installed plugins in Maven scans. 2017-12-20 15:06:12 +01:00
Šesták Vít
5f9546934e When comparing, also list vulnerable dependencies 2017-12-08 17:08:59 +01:00
Šesták Vít
644bd3b539 Give more information when comparing commits. 2017-12-08 15:58:08 +01:00
Šesták Vít
9343619ca9 Initial support for virtual dependencies. 
Well, they will probably not work anyway, because they don't have hashes. But at this point, at least the parser does not crash at isVirtual="false"
 2017-12-08 12:20:07 +01:00
Šesták Vít
39ba123efc Added support for comparison of scans 2017-12-08 10:18:25 +01:00
Šesták Vít
2e21f78105 Added search for newer NuGet 2017-11-15 16:28:31 +01:00
Šesták Vít
0735ef5dd2 Added a minor comment 2017-11-15 16:28:02 +01:00
Šesták Vít
53890026b4 Removed unneeded library 2017-10-16 16:56:57 +02:00
Šesták Vít
65232504cb Updated confidence highlighting 2017-10-16 09:24:55 +02:00
Šesták Vít
2a95b07b54 Added more fail safety for vulnerability export. 
This should affect all exports when a vulnerability disappears.
 2017-10-11 16:54:40 +02:00
Šesták Vít
cdb31dcc4e Failsafe behavior for e-mail notifications. 
If the vulnerability is not found, it now does its best for providing relevant information. Even if no additional information (other than vulnerability identifier) can be provided, it does not cause an exception when sending e-mail. Which is the main point of this improvement.
 2017-10-11 15:48:20 +02:00
Šesták Vít
8688ffd730 Added identifier confidence 2017-10-09 15:46:23 +02:00
Šesták Vít
1097e77d1c Preffer CPE identifiers 2017-10-09 15:01:04 +02:00
Šesták Vít
e43cee7743 E-mail export: More descriptive error message when some vulnerability is missing 2017-10-06 11:05:57 +02:00
Šesták Vít
876086ce3f Fixed issue with newlines in JIRA export 2017-10-06 10:06:53 +02:00
Šesták Vít
629b42d943 Added throttling to JIRA in order to make it more server friendly 2017-09-11 23:48:38 +02:00
Šesták Vít
a155188fec Fixed affected projects not appearing in some views 2017-08-02 09:55:41 +02:00
Šesták Vít
f8e073cc54 .NET scans are now able to detect a missing library 2017-08-01 16:26:55 +02:00
Šesták Vít
4ac4b7b501 Improved main library detection for .NET 2017-08-01 16:14:55 +02:00
Šesták Vít
9a93099f60 Added config option for NuGet -source 2017-08-01 16:04:19 +02:00
Šesták Vít
22e4cff12b Added .NET scans. 2017-08-01 15:28:34 +02:00
Šesták Vít
b23cc3e3dc Menu made smaller in order to better fit all the items 2017-08-01 09:47:04 +02:00
Šesták Vít
5534b442dc Removed a legacy buildfile 2017-07-31 16:20:22 +02:00
Šesták Vít
bff5478355 Added a missing note for ODC config 2017-07-31 16:19:49 +02:00
Šesták Vít
2d1198d7cc Changed plot descriptions 2017-07-31 16:19:28 +02:00
Šesták Vít
0ec8928ff7 Moved Status to “…” 2017-07-31 16:19:13 +02:00
Šesták Vít
2049759430 Added new ODC scans for Java libraries. Those can scan even transitive dependencies and can be run before adding a new library to a project. 2017-07-31 14:35:03 +02:00
Šesták Vít
bb0089cd97 Added forgotten file 2017-06-28 10:49:29 +02:00
Šesták Vít
420a765dc4 Added a proper error message for a missing library 2017-06-28 09:15:55 +02:00
Šesták Vít
ffabc8a4e5 Added support for brand 2017-06-21 13:06:35 +02:00
Šesták Vít
b00857368a Added throttling to reduce Bamboo peak load and number of concurrent connections 2017-06-21 10:18:39 +02:00
Šesták Vít
c55c37fa9a Added a standalone page for library 2017-06-20 01:16:32 +02:00
Šesták Vít
2d0651cfc7 Minor hashes refactoring 2017-06-19 13:09:17 +02:00
Šesták Vít
e732e2fbb9 Minor markup cleanup 2017-06-19 10:53:49 +02:00
Šesták Vít
74ab645475 Added list of all project, including those not included by the filter 2017-06-15 17:30:15 +02:00
Šesták Vít
79584020b2 Few library version bumps 2017-05-28 23:06:56 +02:00
Šesták Vít
70f263baaa Adjusted sorting 2017-05-23 15:45:31 +02:00
Šesták Vít
ef1d434871 Fix for notifications: When a vulnerability reappears, it should not try to recreate a ticket for it 2017-04-05 13:14:49 +02:00