[jira] [Updated] (WSS-693) Check for CVE/CVSS scores and fail build is severity is over a threshold
[ https://issues.apache.org/jira/browse/WSS-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-693: Fix Version/s: 2.3.4 2.4.2 > Check for CVE/CVSS scores and fail build is severity is over a threshold > > > Key: WSS-693 > URL: https://issues.apache.org/jira/browse/WSS-693 > Project: WSS4J > Issue Type: Improvement >Reporter: Rob Leland >Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 2.3.4, 2.4.2 > > > 1) Update use of dependency-check plugin to fail build if a component has a > CVE over 6. > 2) Provide a suppression file to ignore findings > 3) Exclude Runtime environments such a JDK version from consideration in > findings. > > -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org
[jira] [Updated] (WSS-693) Check for CVE/CVSS scores and fail build is severity is over a threshold
[ https://issues.apache.org/jira/browse/WSS-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rob Leland updated WSS-693: --- Description: 1) Update use of dependency-check plugin to fail build if a component has a CVE over 6. 2) Provide a suppression file to ignore findings 3) Exclude Runtime environments such a JDK version from consideration in findings. was: 1) Update use of dependency-check plugin to fail build if a component has a CVE over 6. 2) Provide a suppression file to ignore findings 3) Exclude Runtime environments such a JDK version from consideration in findings. PR: https://github.com/apache/ws-wss4j/pull/43/files > Check for CVE/CVSS scores and fail build is severity is over a threshold > > > Key: WSS-693 > URL: https://issues.apache.org/jira/browse/WSS-693 > Project: WSS4J > Issue Type: Improvement >Reporter: Rob Leland >Assignee: Colm O hEigeartaigh >Priority: Minor > > 1) Update use of dependency-check plugin to fail build if a component has a > CVE over 6. > 2) Provide a suppression file to ignore findings > 3) Exclude Runtime environments such a JDK version from consideration in > findings. > > -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org
[jira] [Updated] (WSS-693) Check for CVE/CVSS scores and fail build is severity is over a threshold
[ https://issues.apache.org/jira/browse/WSS-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rob Leland updated WSS-693: --- Description: 1) Update use of dependency-check plugin to fail build if a component has a CVE over 6. 2) Provide a suppression file to ignore findings 3) Exclude Runtime environments such a JDK version from consideration in findings. PR: https://github.com/apache/ws-wss4j/pull/43/files was: 1) Update use of dependency-check plugin to fail build if a component has a CVE over 6. 2) Provide a suppression file to ignore findings 3) Exclude Runtime environments such a JDK version from consideration in findings. PR to follow. > Check for CVE/CVSS scores and fail build is severity is over a threshold > > > Key: WSS-693 > URL: https://issues.apache.org/jira/browse/WSS-693 > Project: WSS4J > Issue Type: Improvement >Reporter: Rob Leland >Assignee: Colm O hEigeartaigh >Priority: Minor > > 1) Update use of dependency-check plugin to fail build if a component has a > CVE over 6. > 2) Provide a suppression file to ignore findings > 3) Exclude Runtime environments such a JDK version from consideration in > findings. > > PR: https://github.com/apache/ws-wss4j/pull/43/files -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org
[jira] [Updated] (WSS-693) Check for CVE/CVSS scores and fail build is severity is over a threshold
[ https://issues.apache.org/jira/browse/WSS-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rob Leland updated WSS-693: --- Description: 1) Update use of dependency-check plugin to fail build if a component has a CVE over 6. 2) Provide a suppression file to ignore findings 3) Exclude Runtime environments such a JDK version from consideration in findings. PR to follow. was: 1) Update use of dependency-check plugin to fail build if a component has a CVE over 8. 2) Provide a suppression file to ignore findings 3) Exclude Runtime environments such a JDK version from consideration in findings. PR to follow. > Check for CVE/CVSS scores and fail build is severity is over a threshold > > > Key: WSS-693 > URL: https://issues.apache.org/jira/browse/WSS-693 > Project: WSS4J > Issue Type: Improvement >Reporter: Rob Leland >Assignee: Colm O hEigeartaigh >Priority: Minor > > 1) Update use of dependency-check plugin to fail build if a component has a > CVE over 6. > 2) Provide a suppression file to ignore findings > 3) Exclude Runtime environments such a JDK version from consideration in > findings. > > PR to follow. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org
[jira] [Updated] (WSS-693) Check for CVE/CVSS scores and fail build is severity is over a threshold
[ https://issues.apache.org/jira/browse/WSS-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rob Leland updated WSS-693: --- Issue Type: Improvement (was: Test) > Check for CVE/CVSS scores and fail build is severity is over a threshold > > > Key: WSS-693 > URL: https://issues.apache.org/jira/browse/WSS-693 > Project: WSS4J > Issue Type: Improvement >Reporter: Rob Leland >Assignee: Colm O hEigeartaigh >Priority: Minor > > 1) Update use of dependency-check plugin to fail build if a component has a > CVE over 8. > 2) Provide a suppression file to ignore findings > 3) Exclude Runtime environments such a JDK version from consideration in > findings. > > PR to follow. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org