Add OWASP dependency check issue parser #1117
Conversation
|
I assume this does not have the same SECURITY-2488 XXE vulnerability as the OWASP Dependency-Check plugin. |
| } | ||
|
|
||
| /** Descriptor for this static analysis tool. */ | ||
| @Symbol("owaspDependencyCheck") |
There was a problem hiding this comment.
Did you check if this ID is not already used by the original OwaspDependencyCheck plugin?
There was a problem hiding this comment.
The OWASP Dependency-Check plugin has:
@Symbol("dependency-check")@Symbol("dependencyCheckPublisher")@Symbol({"dependencyCheck", "dependencycheck"})
Pipeline Step Reference doesn't list any others for that plugin, either.
Actually the parser uses JSON. (And all parsers in the warnings plugin correctly use a safe parser: https://github.com/jenkinsci/analysis-model/blob/master/src/main/java/edu/hm/hafner/analysis/SecureXmlParserFactory.java)) |
Codecov Report
@@ Coverage Diff @@
## master #1117 +/- ##
============================================
+ Coverage 79.72% 79.74% +0.01%
- Complexity 1476 1477 +1
============================================
Files 243 244 +1
Lines 5372 5376 +4
Branches 420 420
============================================
+ Hits 4283 4287 +4
Misses 933 933
Partials 156 156
Continue to review full report at Codecov.
|
sirius94
force-pushed
the
add-owasp-dependency-checker
branch
from
37bc6a1
to
1d616f0
Compare
|
Do not use force push after we made a review. Otherwise it is hard to see what changed since the review. |
This PR is a continuation of jenkinsci/analysis-model#708 and depends on #1115