
Fixed aggregation of multiple odc-report files.

Open mum-viadee opened this issue 1 year ago • 1 comment

This fix will resolve multiple issues reported for the dependency check publisher. The aggregation of multiple files had a serious mistake in the way it processed multiple files. It created a ResultAction for every single report file found, aggregated the severity of all files, but only kept the findings of the last found report file.

This should fix the following open issues:

  • https://issues.jenkins.io/browse/JENKINS-62402
  • https://issues.jenkins.io/browse/JENKINS-60108
  • https://issues.jenkins.io/browse/JENKINS-59200
  • https://issues.jenkins.io/browse/JENKINS-59076
  • https://issues.jenkins.io/browse/JENKINS-58610
  • https://issues.jenkins.io/browse/JENKINS-58523

mum-viadee avatar Jul 26 '22 12:07 mum-viadee
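The defect described in the pull request above, reduced to a small stand-alone Java program (an added illustration, not code from the dependency-check-plugin itself; the `Report`, `Finding` and `Summary` types and the two `aggregate*` methods are constructed for this example and do not correspond to the plugin's classes). The buggy variant sums severity counts across every report file but overwrites the finding list on each iteration, so the summary ends up internally inconsistent; the corrected variant accumulates the findings of all files before counting.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class ReportAggregationDemo {

    // One finding from a parsed report file (hypothetical shape; vulnId values are placeholders).
    record Finding(String dependency, String vulnId, String severity) {}

    // One parsed odc-report file (hypothetical stand-in for the plugin's parsed report).
    record Report(String fileName, List<Finding> findings) {}

    // What a publisher would show: severity counts plus the findings backing them.
    record Summary(Map<String, Integer> severityCounts, List<Finding> findings) {}

    // Buggy aggregation, as the pull request describes it: counts are accumulated over all
    // files, but the finding list is replaced on every file, so only the last one survives.
    static Summary aggregateBuggy(List<Report> reports) {
        Map<String, Integer> counts = new LinkedHashMap<>();
        List<Finding> kept = new ArrayList<>();
        for (Report r : reports) {
            for (Finding f : r.findings()) {
                counts.merge(f.severity(), 1, Integer::sum);
            }
            kept = new ArrayList<>(r.findings()); // overwrites findings of earlier files
        }
        return new Summary(counts, kept);
    }

    // Corrected aggregation: merge the findings of every file first, then derive the counts
    // from the merged list so counts and findings can never disagree.
    static Summary aggregateFixed(List<Report> reports) {
        List<Finding> merged = new ArrayList<>();
        for (Report r : reports) {
            merged.addAll(r.findings());
        }
        Map<String, Integer> counts = new LinkedHashMap<>();
        for (Finding f : merged) {
            counts.merge(f.severity(), 1, Integer::sum);
        }
        return new Summary(counts, merged);
    }

    // Consistency check a test could apply: the counts must add up to the number of findings.
    static boolean isConsistent(Summary s) {
        int total = s.severityCounts().values().stream().mapToInt(Integer::intValue).sum();
        return total == s.findings().size();
    }

    public static void main(String[] args) {
        // Constructed input: two report files from a mono-repo, as in the issue reports.
        List<Report> reports = List.of(
            new Report("backend/dependency-check-report.xml", List.of(
                new Finding("lib-a", "VULN-PLACEHOLDER-1", "HIGH"),
                new Finding("lib-b", "VULN-PLACEHOLDER-2", "MEDIUM"))),
            new Report("frontend/dependency-check-report.xml", List.of(
                new Finding("npm-lib-c", "VULN-PLACEHOLDER-3", "CRITICAL")))
        );

        Summary buggy = aggregateBuggy(reports);
        Summary fixed = aggregateFixed(reports);

        // Buggy: 3 counted severities, but only 1 finding listed (the last file's).
        System.out.println("buggy  counts=" + buggy.severityCounts()
            + " findings=" + buggy.findings().size() + " consistent=" + isConsistent(buggy));
        // Fixed: 3 counted severities and all 3 findings listed.
        System.out.println("fixed  counts=" + fixed.severityCounts()
            + " findings=" + fixed.findings().size() + " consistent=" + isConsistent(fixed));
    }
}
```

Run with `java ReportAggregationDemo.java` (Java 16 or later, for records). The `isConsistent` check is the kind of assertion worth keeping in a publisher's unit tests: a summary whose severity totals do not match the number of findings it carries is exactly the symptom the linked issues report.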

Thanks for the fix! Any chances to merge it in the near future? With this bug it's impossible to create reasonable reports for mono-repos (Maven/Gradle with OWASP plugin + OWASP CLI for npm packages).

markiewiczart avatar Sep 23 '22 22:09 markiewiczart

I refactored the aggregation of the findings into a separate class and corrected the inconsistent indentations.

mum-viadee avatar Oct 06 '22 09:10 mum-viadee

Hi @markiewiczart any further remarks?

mum-viadee avatar Oct 06 '22 09:10 mum-viadee

@mum-viadee could you fix conflict and squash to a single commit referring to "[JENKINS-58610] Running dependencyCheckPublisher doesn't aggregate reports correctly" ?

nfalco79 avatar Oct 10 '22 20:10 nfalco79

> @mum-viadee could you fix conflict and squash to a single commit referring to "[JENKINS-58610] Running dependencyCheckPublisher doesn't aggregate reports correctly" ?

That seems to have been resolved. :-)

mum-viadee avatar Oct 11 '22 05:10 mum-viadee