Create HTML report that works without JavaScript #5039
Comments
As mentioned previously - the CSP can be modified: https://www.jenkins.io/doc/book/security/configuring-content-security-policy/ Many Jenkins users also generate the junit report so the CVEs end up showing as failures - but I do see the value in an HTML report that does not include JavaScript.
Note that there is also a plugin that will generate integrated Jenkins reports from the xml output.
That's right, but afaik this plugin has no pipeline support so far. UPDATE: Sorry, that was wrong. There is actually a pipeline reference page.
@jeremylong: Great work, thanks a lot! 👍 But afais, the new format option
Is your feature request related to a problem? Please describe.
Currently it is not possible to embed a proper working HTML report of Dependency Check into Jenkins. This is because the HTML report relies on some JavaScript functionalities (e.g. for expanding/collapsing some content etc.), but Jenkins has a Content Security Policy (CSP) that prohibits the execution of embedded JavaScript, see also #2213. This might apply to other build or SLM tools.
Describe the solution you'd like
It would be nice to have at least the option to create a JavaScript-free HTML report that shows all content without the need of JavaScript-based expanding/collapsing and so on. Some minor functionalities might be left out.
Describe alternatives you've considered
An alternative is to loosen the Jenkins CSP, but that possibly leads to security issues in other contexts.
Additional context
The problem behind this issue is already discussed in #2213.
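One way a pipeline could confirm that a report really is JavaScript-free before publishing it under a CSP that blocks script execution. This is an added example, not part of the original issue or of the Dependency-Check code base; `ScriptFinder`, `find_script_dependencies` and the sample report are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes whose value is a URL and could therefore carry a javascript: scheme.
URL_ATTRS = {"href", "src", "action", "formaction"}


class ScriptFinder(HTMLParser):
    """Collects every construct in an HTML document that needs script execution."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # tuples of (line, kind, detail)

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        if tag == "script":
            self.findings.append((line, "script-element", dict(attrs).get("src") or "inline"))
        for name, value in attrs:
            if name.startswith("on"):
                # Inline event handlers (onclick, onload, ...) are script too.
                self.findings.append((line, "event-handler", f"{tag}[{name}]"))
            elif name in URL_ATTRS and value:
                # Conservative: drop whitespace/control characters before
                # comparing the scheme; entities are already decoded by the parser.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith("javascript:"):
                    self.findings.append((line, "javascript-url", f"{tag}[{name}]"))


def find_script_dependencies(html_text):
    """Return a list of findings; an empty list means the report needs no JavaScript."""
    finder = ScriptFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample, loosely shaped like a report with expand/collapse links.
SAMPLE_REPORT = """<html><head>
<script>function toggle(id){}</script>
</head><body>
<a href="#" onclick="toggle('dep1')">commons-io.jar</a>
<a href="JavaScript:toggle('dep2')">details</a>
<div id="dep1"><p>constructed finding text</p></div>
</body></html>"""

if __name__ == "__main__":
    for line, kind, detail in find_script_dependencies(SAMPLE_REPORT):
        print(f"line {line}: {kind} ({detail})")
```

A build step can fail when the returned list is non-empty, so a script-dependent report never reaches the page where the CSP would silently break it.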