Create HTML report that works without JavaScript

[chovyy]

Is your feature request related to a problem? Please describe.
Currently it is not possible to embed a proper working HTML report of Dependency Check into Jenkins. This is because the HTML report relys on some JavaScript functionalities (e.g. for expanding/collapsing some content etc.), but Jenkins has a Content Security Policy (CSP) that prohibits the execution of embedded JavaScript, see also #2213. This might applies to other build or SLM tools.

Describe the solution you'd like
It would be nice to have a least the option to create a JavaScript-free HTML report that shows all content without the need of JavaScript-based expanding/collapsing and so on. Some minor functionalities might be left out.

Describe alternatives you've considered
An alternative is to loosen the Jenkins CSP, but that possibly leads to security issues in other contexts.

Additional context
The problem behind this issue is already discussed in #2213.

[jeremylong]

As mentioned previously - the CSP can be modified: https://www.jenkins.io/doc/book/security/configuring-content-security-policy/

Many Jenkins users also generate the junit report so the CVEs end up showing as failures - but I do see the value in an HTML report that does not include JavaScript.

[OrangeDog]

Note that there is also a plugin that will generate integrated Jenkins reports from the xml output.

[chovyy]

That's right, but afaik this plugin has no pipeline support so far.

UPDATE: Sorry, that was wrong. There is actually a pipeline reference page.

[chovyy]

@jeremylong: Great work, thanks a lot! 👍 But afais, the new format option JENKINS is still missing in the docs.