Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-30023

OWASP Dependency-Check Plugin does not respect supressions anymore

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • dependency-check-jenkins-plugin
    • Windows 2012 32bit, Oracle Java 1.7.0_25, Jenkins 1.6.24, OWASP Dependency Check Plugin 1.3.0

      After upgrading the OWASP Dependency Check Plugin to Version 1.3.0, all of my suppressions provided in a supressions file are ignored. I checked twice, that it occurs only with the new version 1.3.0 by downgrading to version 1.2.11.1 (where the supressions work) and forth to 1.3.0 where they do not work.
      Attached a screenshot from our configuration, the supression file itself and statistics after installing 1.3.0 and the DependencyCheckReport (showing that there are no suppressions).

        1. 2015-08-19_Trunk_BuildInstaller [Jenkins]2.png
          13 kB
          Markus Schlegel
        2. 2015-08-19_Trunk_BuildInstaller Config [Jenkins].png
          19 kB
          Markus Schlegel
        3. config.JPG
          50 kB
          Alex Mondshain
        4. Dependency-Check Report.html
          1.44 MB
          Markus Schlegel
        5. log1.2.11.1.JPG
          57 kB
          Alex Mondshain
        6. log1.3.1.JPG
          47 kB
          Alex Mondshain
        7. OWASP-Dependency-Check-Suppression.xml
          1 kB
          Markus Schlegel

            sspringett Steve Springett
            schlegel_m Markus Schlegel
            Votes:
            4 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: