Jeremy Long

Results 16 issues of Jeremy Long

Due to situations like https://github.com/jeremylong/DependencyCheck/issues/4670, https://github.com/jeremylong/DependencyCheck/issues/4671, https://github.com/jeremylong/DependencyCheck/issues/4677, https://github.com/jeremylong/DependencyCheck/issues/4690 - ODC needs to be able to respond faster and provide an updated suppression file when situations like this occur. 1. Implement...

enhancement

Supersedes #4687. Fixes https://github.com/jeremylong/DependencyCheck/issues/4685. This might be useful to some - a log message has been added when a non-base suppression rule was not used.

tests
core
ant

The OWASP Java Encoder is a high performance encoding library. While I understand this is adding a dependency - the encoder project itself has no dependencies and is a very...

To make selecting which configurations are being scanned more robust, regular expressions should be added to `scanConfigurations` and `skipConfigurations`. For backward compatibility we should leave the current scan/skip configuration options...

question

1. Correct versions that included a purl with an un-encoded colon in the version (test-suite-data.json:88). Per [purl-spec#character-encoding](https://github.com/package-url/purl-spec#character-encoding) > the '#', '?', '@' and ':' characters must NOT be encoded when...

A recent [ticket](https://github.com/jeremylong/DependencyCheck/issues/2282) on my project, which uses the `appassembler` plugin, indicates that the script generated by `appassembler` fails when JAVA_OPTS contains spaces and quotes. See https://github.com/jeremylong/DependencyCheck/issues/2282 as a reference....

### Package URL pkg:maven/org.vaadin.addon/[email protected] ### CPE `cpe:2.3:a:vaadin:vaadin:8.0.1:*:*:*:*:*:*:*` ### CVE _No response_ ### ODC Integration {"label"=>"Maven Plugin"} ### ODC Version 7.1.1 ### Description _No response_

FP Report
maven

The NVD will be retiring the NVD data feeds in 2023. See [changes to feeds and APIs](https://nvd.nist.gov/General/News/changes-to-feeds-and-apis). ODC needs to migrate to the NVD's API. Current concerns: 1. How will...

enhancement

Per #281, when `addInfoToDependencies` was updated, one call was missed. This PR corrects the oversight and allows ODC to be used on older versions of Gradle.

We just released 5.0.0 of the core library. There were several breaking changes in this release. See the release notes for 5.0.0-M1, M2, M3, and the final 5.0.0 release: https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md...