Implement version security checks #103
Labels
enhancement
New feature or request
Comments
Currently it seems that only
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Oct 25, 2023
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Nov 15, 2023
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Nov 16, 2023
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Nov 24, 2023
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 5, 2023
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 6, 2023
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 14, 2023
ignore cves list, remove some analyzers, more test for version ranges like >, some cpe vendors and products to updaters
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 19, 2023
…implement-version-security-checks # Conflicts: # cli/src/main/java/com/devonfw/tools/ide/tool/ToolCommandlet.java # cli/src/test/java/com/devonfw/tools/ide/context/AbstractIdeContextTest.java
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 19, 2023
…e-with-open-intervals' into feature/devonfw#103-implement-version-security-checks # Conflicts: # cli/src/test/java/com/devonfw/tools/ide/version/VersionRangeTest.java
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 19, 2023
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 19, 2023
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 19, 2023
if a single warning affects all versions, it is ignored
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 21, 2023
also SecurityRiskInteraction returns configured version and latest version when possible. conversion between cpe and url version more robust by using map and inverse function where map fails. Added asciidoc
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 22, 2023
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Dec 22, 2023
- changed pom.xml
- getCpeEdition now has argument, since there is only a single UrlUpdater for multiple editions of a tool
- some cleanup
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 2, 2024
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 2, 2024
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 20, 2024
…evonfw#103-implement-version-security-checks # Conflicts: # cli/src/main/java/com/devonfw/tools/ide/url/updater/UpdateManager.java # cli/src/main/java/com/devonfw/tools/ide/version/BoundaryType.java # cli/src/main/java/com/devonfw/tools/ide/version/VersionRange.java # cli/src/test/java/com/devonfw/tools/ide/version/VersionRangeTest.java
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 20, 2024
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 20, 2024
- fixed pom bug
- fixed bug in BuildSecurityJsonFiles due to moved method that was introduced in the merge of main into this branch
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 20, 2024
- bug when creating version range from single version was fixed
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 21, 2024
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 21, 2024
- renamed methods in SystemPath
- split long method securityRiskInteraction into components
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 25, 2024
https://www.github.com/MattesMrzik/IDEasy into feature/devonfw#103-implement-version-security-checks # Conflicts: # security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 25, 2024
for BuildSecurityJsonFiles.addVulnerabilityToSecurityFile
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 25, 2024
MattesMrzik added a commit to MattesMrzik/IDEasy that referenced this issue Jan 26, 2024
- removed this.paths.add(path) in method SystemPath.addPath()
- linked new issue to TODO
- added some java doc
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 19, 2024
…ty-checks # Conflicts: # cli/src/main/java/com/devonfw/tools/ide/tool/LocalToolCommandlet.java # cli/src/main/java/com/devonfw/tools/ide/tool/ToolCommandlet.java # cli/src/main/java/com/devonfw/tools/ide/url/updater/UpdateManager.java # documentation/LICENSE.asciidoc
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 19, 2024
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 19, 2024
removed default getEdition override from tools
changed getEdition to non abstract
made getIntellijJsonRelease public
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 19, 2024
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 19, 2024
added dependencyManagement to root pom.xml
added owasp version property to root pom.xml
renamed security artifact to ide-security
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 22, 2024
…ty-checks # Conflicts: # cli/src/test/java/com/devonfw/tools/ide/context/AbstractIdeContextTest.java # cli/src/test/resources/ide-projects/basic/_ide/urls/mvn/mvn/security.json
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 22, 2024
added missing answers param to newContext
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 22, 2024
fixed pom versions
applied reformat
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 23, 2024
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 23, 2024
renamed retrievePath to getPath
renamed addPath to setPath
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 23, 2024
added javadocs
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 23, 2024
removed warnings from security json
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 26, 2024
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 29, 2024
added missing CPE vendors/products
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 29, 2024
adjusted getCpeVendor and getCpeProduct to return the tool name instead of an empty string
removed unused urlEdition param from getCpeEdition
added workaround for intellij #1378
fixed NPE's (added checks for missing UrlUpdaters)
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Feb 29, 2024
I've added a first batch of security files in this PR: devonfw/ide-urls#15
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Apr 2, 2024
…ty-checks # Conflicts: # cli/pom.xml # cli/src/main/java/com/devonfw/tools/ide/common/SystemPath.java # cli/src/main/java/com/devonfw/tools/ide/tool/ToolCommandlet.java # cli/src/test/java/com/devonfw/tools/ide/context/AbstractIdeContextTest.java # documentation/LICENSE.adoc
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Apr 2, 2024
added missing answers to IdeTestContext
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Apr 2, 2024
jan-vcapgemini added a commit to MattesMrzik/IDEasy that referenced this issue Apr 2, 2024
renamed SAFE_LATEST to LATEST
After discussing this issue we have to answer following questions.
As an IDEasy user, I want to get security warnings if I am using outdated software with critical known CVEs so that I can keep my software secure.
This is the devonfw-ide story 1106 to be implemented for IDEasy.
ATTENTION: There is a specialty for git that is not typically managed by IDEasy (what might change, see #47). For this also have a look at the old PR implementing this story in devonfw-ide.