Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the ability to manually specify addtional CPE entries to be checked. #361

Merged
merged 3 commits into from
Mar 15, 2024
Merged

Add the ability to manually specify addtional CPE entries to be checked. #361

merged 3 commits into from
Mar 15, 2024

Conversation

gordoninnes
Copy link
Contributor

@gordoninnes gordoninnes commented Nov 10, 2023
edited
Loading

This change allows adding CPEs to be included in analysis for dependencies that might not be picked up during scans.

For example to add in a dependency on PostgresSQL:

dependencyCheck {
  additionalCpes {
    postgreSql {
      description = "PostgreSQL"
      cpe = "cpe:2.3:a:postgresql:postgresql:${postgresqlVersion}:*:*:*:*:*:*:*"
     }
  }
}

@jeremylong
Copy link
Collaborator

I have some larger work to complete in the core library before I can review this PR.

@gordoninnes
Copy link
Contributor Author

No worries! I appreciate you having a look. I've used these changes locally but would be nice not to have to maintain our own separate build. Hopefully it's a useful feature for others.

jeremylong
jeremylong requested changes Jan 17, 2024
View reviewed changes
Copy link
Collaborator

@jeremylong jeremylong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple of minor changes will help with some of the reports.

src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy Outdated Show resolved Hide resolved
src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy Show resolved Hide resolved
@gordoninnes
Copy link
Contributor Author

Thanks. I've committed those changes.

jeremylong
jeremylong previously approved these changes Jan 18, 2024
View reviewed changes
Copy link
Collaborator

@jeremylong jeremylong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gordoninnes
Copy link
Contributor Author

Had to push a fix to get your changes in properly 😞 Can you review again please?

jeremylong
jeremylong approved these changes Jan 21, 2024
View reviewed changes
Copy link
Collaborator

@jeremylong jeremylong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jeremylong jeremylong merged commit 4cffcda into dependency-check:main Mar 15, 2024
2 checks passed
@jeremylong
Copy link
Collaborator

sorry about the delay - this is being released today. I've unfortunately had a ton of other work outside of my OSS contributions consuming my time. Thanks again for the PR.

@jeremylong jeremylong added this to the 9.0.10 milestone Mar 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeremylong jeremylong jeremylong approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
9.0.10
Development

Successfully merging this pull request may close these issues.
2 participants
@gordoninnes @jeremylong