Add OWASP dependency check issue parser #1117
Conversation
I assume this does not have the same SECURITY-2488 XXE vulnerability as the OWASP Dependency-Check plugin.

Review comment on the following lines of the descriptor:

```java
}

/** Descriptor for this static analysis tool. */
@Symbol("owaspDependencyCheck")
```
Did you check if this ID is not already used by the original OwaspDependencyCheck plugin?
The OWASP Dependency-Check plugin has:

- `@Symbol("dependency-check")`
- `@Symbol("dependencyCheckPublisher")`
- `@Symbol({"dependencyCheck", "dependencycheck"})`

Pipeline Step Reference doesn't list any others for that plugin, either.

Actually the parser uses JSON. (And all parsers in the warnings plugin correctly use a safe parser: https://github.com/jenkinsci/analysis-model/blob/master/src/main/java/edu/hm/hafner/analysis/SecureXmlParserFactory.java)
Codecov Report

```
@@            Coverage Diff             @@
##             master    #1117      +/-   ##
============================================
+ Coverage     79.72%   79.74%   +0.01%
- Complexity     1476     1477       +1
============================================
  Files           243      244       +1
  Lines          5372     5376       +4
  Branches        420      420
============================================
+ Hits           4283     4287       +4
  Misses          933      933
  Partials        156      156
```
Force-pushed the branch from 37bc6a1 to 1d616f0.

Do not use force push after we made a review. Otherwise it is hard to see what changed since the review.
This PR is a continuation of jenkinsci/analysis-model#708 and depends on #1115