pull

jeremylong · Oct 24, 2020 · f83966e · f83966e
2 parents 545538e + ffe3938
commit f83966e
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 10 deletions.
diff --git a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -1662,16 +1662,16 @@ public void execute() throws BuildException {
                 }
             }
             final ExceptionCollection exceptions = callExecuteAnalysis(engine);
-
-            for (String format : getReportFormats()) {
-                engine.writeReports(getProjectName(), new File(reportOutputDirectory), format, exceptions);
-            }
-
-            if (this.failBuildOnCVSS <= 10) {
-                checkForFailure(engine.getDependencies());
-            }
-            if (this.showSummary) {
-                DependencyCheckScanAgent.showSummary(engine.getDependencies());
+            if (exceptions == null || !exceptions.isFatal()) {
+                for (String format : getReportFormats()) {
+                    engine.writeReports(getProjectName(), new File(reportOutputDirectory), format, exceptions);
+                }
+                if (this.failBuildOnCVSS <= 10) {
+                    checkForFailure(engine.getDependencies());
+                }
+                if (this.showSummary) {
+                    DependencyCheckScanAgent.showSummary(engine.getDependencies());
+                }
             }
         } catch (DatabaseException ex) {
             final String msg = "Unable to connect to the dependency-check database; analysis has stopped";

diff --git a/core/src/main/resources/dependencycheck-base-suppression.xml b/core/src/main/resources/dependencycheck-base-suppression.xml
@@ -205,6 +205,7 @@
             44. <cve>CVE-2020-10663</cve> is a ruby vulnerability
             45. Facebook is not a dependency
             46. gitlab is not a depenency #2567 and is built using ruby
+            47. DeleGate is a C-language application #2435
         ]]></notes>
         <filePath regex="true">.*(\.(dll|jar|ear|war|pom|nupkg|nuspec|aar)|pom\.xml|package.json|packages.config)$</filePath>
         <cpe>cpe:/a:sandbox:sandbox</cpe>
@@ -256,6 +257,7 @@
         <cve>CVE-2020-10663</cve>
         <cpe>cpe:/a:facebook:facebook</cpe>
         <cpe>cpe:/a:gitlab:gitlab</cpe>
+        <cpe>cpe:/a:delegate:delegate</cpe>
     </suppress>
     <suppress base="true">
         <notes><![CDATA[
@@ -3756,4 +3758,12 @@
         <cpe>cpe:/a:gpg-pgp_project::gpg-pgp</cpe>
         <cpe>cpe:/a:openpgp:openpgp</cpe>
     </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        False positive per  #1749
+        JCraft's agentproxy is a proxy to ssh-agent and Pageant, not the pure-Java SSH2 implementation Jsch
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.jcraft/jsch\.agentproxy.*$</packageUrl>
+        <cpe>cpe:/a:jcraft:jsch</cpe>
+    </suppress>
 </suppressions>