
Comments (6)

jeremylong avatar jeremylong commented on August 28, 2024

Can you share your configuration? What version are you using? I just tested this with the current snapshot (1.4.3-SNAPSHOT) and it detected the vulnerability. See attached:
gradel-test.zip

from dependency-check-gradle.

ajaytestacc avatar ajaytestacc commented on August 28, 2024

Version: 1.4.2
    apply plugin: "org.owasp.dependencycheck"

    buildscript {
        repositories {
            maven {
                url "https://plugins.gradle.org/m2/"
            }
        }
        dependencies {
            classpath "gradle.plugin.org.owasp:dependency-check-gradle:1.4.2"
        }
    }



ajaytestacc avatar ajaytestacc commented on August 28, 2024

Thanks @jeremylong
Updated to the current version org.owasp:dependency-check-gradle:1.4.3 and it's working now.


stefanneuhaus avatar stefanneuhaus commented on August 28, 2024

Observations:

I observed a very similar issue with 1.4.2:

  • Locally dependencyCheckUpdate failed reproducibly saying Unable to connect to the dependency-check database. Though the fetched database had a reasonable size of ~265 MB. dependencyCheck successfully detected a bunch of vulnerabilities, but it did not detect CVE-2016-3720.
  • On the CI server CVE-2016-3720 was detected.

After upgrade to 1.4.3:

  • Locally dependencyCheck still did not detect CVE-2016-3720 (with the presumably corrupted DB). But now it detected CVE-2015-6420 for the first time.
  • After clearing the DB, dependencyCheckUpdate successfully fetched the DB and dependencyCheck detected CVE-2016-3720. It also detected CVE-2016-3092 for the first time. I could verify this behavior twice in a row.

Conclusion:

Regarding this "Unable to detect known vulnerability in gradle plugin" issue, to me it seems like 1.4.3 fixed some issue with fetching the database, which was the actual root cause.

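The failure mode described above (a database update that reports "Unable to connect to the dependency-check database", after which the scan silently misses CVEs) is worth guarding against in CI. The script below is an added example, not code from the dependency-check-gradle project or from anyone in this thread: it classifies the update log, clears the local data directory once and retries when that error appears, and refuses to run the scan unless the update completed cleanly. DC_DATA_DIR and GRADLE_CMD are assumed, hypothetical settings.

```shell
#!/bin/sh
# Added example, not from the dependency-check-gradle project. Guards a CI
# pipeline against running dependencyCheck on a stale or corrupt local DB.
# DC_DATA_DIR and GRADLE_CMD are assumptions; adjust them to your setup.

DC_DATA_DIR="${DC_DATA_DIR:-$HOME/.gradle/dependency-check-data}"
GRADLE_CMD="${GRADLE_CMD:-./gradlew}"
DB_ERROR="Unable to connect to the dependency-check database"

# Classify a captured Gradle log file. Prints exactly one of:
#   ok            - update finished without the DB error
#   db-error      - the error message quoted in the thread was seen
#   build-failed  - Gradle failed for some other reason
classify_update_log() {
    log_file="$1"
    if grep -q "$DB_ERROR" "$log_file"; then
        echo "db-error"
    elif grep -q "^BUILD FAILED" "$log_file"; then
        echo "build-failed"
    else
        echo "ok"
    fi
}

# Run dependencyCheckUpdate; on db-error wipe DC_DATA_DIR and retry once.
# Returns 0 only when an update completed without the DB error.
update_with_retry() {
    log_file="${TMPDIR:-/tmp}/dc-update.$$.log"
    attempt=1
    while [ "$attempt" -le 2 ]; do
        "$GRADLE_CMD" dependencyCheckUpdate >"$log_file" 2>&1
        status=$(classify_update_log "$log_file")
        case "$status" in
            ok) rm -f "$log_file"; return 0 ;;
            db-error)
                echo "attempt $attempt: $DB_ERROR; clearing $DC_DATA_DIR" >&2
                rm -rf "$DC_DATA_DIR" ;;
            *) echo "attempt $attempt: dependencyCheckUpdate failed, see $log_file" >&2
               return 1 ;;
        esac
        attempt=$((attempt + 1))
    done
    echo "DB update still failing after retry; not trusting a scan" >&2
    return 1
}

# Only scan after a verified update, so a bad DB cannot yield a falsely clean report.
if [ "${1:-}" = "--run" ]; then
    update_with_retry && "$GRADLE_CMD" dependencyCheck
fi
```

Invoke it as `sh dc-guard.sh --run` from the project root; a non-zero exit means the vulnerability data could not be refreshed and the build should be treated as failed rather than clean.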

jeremylong avatar jeremylong commented on August 28, 2024

Your conclusion is correct. I will be posting information about this on the mailing list and twitter shortly. I am just waiting for the updated Jenkins plugin to be updated.


lock avatar lock commented on August 28, 2024

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

