[JIRA] (JENKINS-58386) Add v4 xml parser


james@howeswho.co.uk (JIRA)

Jul 8, 2019, 11:35:03 AM
to jenkinsc...@googlegroups.com
James Howe created an issue
 
Jenkins / Improvement JENKINS-58386
Add v4 xml parser
Issue Type: Improvement
Assignee: Unassigned
Components: dependency-check-jenkins-plugin
Created: 2019-07-08 15:34
Priority: Minor
Reporter: James Howe

To aid in migrations, especially when using native plugins to run the dependency check. Otherwise it's not possible to publish a report when building a previous version (and even worse, there's no error - JENKINS-58384).

It's also odd that the plugin supports installing previous versions of the CLI, but is not able to use them.

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

james@howeswho.co.uk (JIRA)

Jul 8, 2019, 11:54:02 AM
to jenkinsc...@googlegroups.com
James Howe updated an issue
Change By: James Howe
To aid in migrations, especially when using native plugins to run the dependency check, and the increase in false-positives with v5. Perhaps more importantly, it's not possible to publish a report when building a previous version (and even worse, there's no error - JENKINS-58384).


It's also odd that the plugin supports installing previous versions of the CLI, but is not able to use them.

james@howeswho.co.uk (JIRA)

Jul 8, 2019, 11:58:01 AM
to jenkinsc...@googlegroups.com
James Howe commented on Improvement JENKINS-58386
 
Re: Add v4 xml parser

As the previous version of the plugin appeared able to parse the v5 xml reports, this cannot be too much work.

james@howeswho.co.uk (JIRA)

Jul 8, 2019, 11:58:02 AM
to jenkinsc...@googlegroups.com
James Howe updated an issue
Change By: James Howe
Environment: dependency-check 5.0

steve.springett@owasp.org (JIRA)

Jul 10, 2019, 9:34:02 PM
to jenkinsc...@googlegroups.com

v5 of the Jenkins plugin is not backward compatible. If v4 reports will be used, v4 of the plugin should be used as well.

 

There are no plans on supporting the v4 data model in v5.

https://github.com/jenkinsci/dependency-check-plugin/wiki/v5-Migration

 

As the plugin is open source, you're free to fork the plugin and create a version that is backward compatible for your own purposes.

steve.springett@owasp.org (JIRA)

Jul 10, 2019, 9:34:03 PM
to jenkinsc...@googlegroups.com
Steve Springett closed an issue as Won't Do
Change By: Steve Springett
Status: Open → Closed
Resolution: Won't Do