- Type: Bug
- Resolution: Fixed
- Priority: Minor
- Component/s: dependency-check-jenkins-plugin
- None
- Environment: Jenkins-1.643, Windows, OWASP plugin 1.3.3
I updated the OWASP dependency check plugin from version 1.3.1.2 to version 1.3.3 last week.
Since the update, the plugin ignores the suppressions which I have defined in the suppressions file. Note that, unlike in JENKINS-30023, it seems to find the suppressions file correctly, at least as far as I can tell from the logfile:
...
BUILD SUCCESSFUL
Total time: 35 minutes 42 seconds
[DependencyCheck] OWASP Dependency-Check Plugin v1.3.3
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck] -name = Trunk_BuildInstaller
[DependencyCheck] -scanPath = C:\Jenkins\workspace\Trunk_BuildInstaller\TE\antbuild\PFiles
[DependencyCheck] -scanPath = C:\Jenkins\workspace\Trunk_BuildInstaller\TE\antbuild\PData
[DependencyCheck] -outputDirectory = C:\Jenkins\workspace\Trunk_BuildInstaller\TE\antbuild\test-reports\owasp
[DependencyCheck] -dataDirectory = /owasp-dependency-check-data
[DependencyCheck] -verboseLogFile = C:\Jenkins\workspace\Trunk_BuildInstaller\dependency-check.log
[DependencyCheck] -suppressionFile = C:\Jenkins\workspace\Trunk_BuildInstaller\TE\source\OWASP-Dependency-Check-Suppression.xml
[DependencyCheck] -zipExtensions = war,zip
[DependencyCheck] -dataMirroringType = none
[DependencyCheck] -isQuickQueryTimestampEnabled = true
[DependencyCheck] -useMavenArtifactsScanPath = false
[DependencyCheck] -jarAnalyzerEnabled = true
[DependencyCheck] -nodeJsAnalyzerEnabled = true
[DependencyCheck] -composerLockAnalyzerEnabled = true
[DependencyCheck] -pythonAnalyzerEnabled = true
[DependencyCheck] -rubyGemAnalyzerEnabled = true
[DependencyCheck] -archiveAnalyzerEnabled = true
[DependencyCheck] -assemblyAnalyzerEnabled = true
[DependencyCheck] -centralAnalyzerEnabled = true
[DependencyCheck] -nuspecAnalyzerEnabled = true
[DependencyCheck] -nexusAnalyzerEnabled = false
[DependencyCheck] -autoconfAnalyzerEnabled = true
[DependencyCheck] -cmakeAnalyzerEnabled = true
[DependencyCheck] -opensslAnalyzerEnabled = true
[DependencyCheck] -showEvidence = true
[DependencyCheck] -format = ALL
[DependencyCheck] -autoUpdate = true
[DependencyCheck] -updateOnly = false
[DependencyCheck] Scanning: C:\Jenkins\workspace\Trunk_BuildInstaller\TE\antbuild\PFiles
[DependencyCheck] Scanning: C:\Jenkins\workspace\Trunk_BuildInstaller\TE\antbuild\PData
[DependencyCheck] Analyzing Dependencies
[FINDBUGS] Collecting findbugs analysis files...
...
[FINDBUGS] Plug-in Result: Success - no threshold has been exceeded
[DependencyCheck] Collecting Dependency-Check analysis files...
[DependencyCheck] Finding all files that match the pattern TE/antbuild/test-reports/owasp/dependency-check-report.xml
[DependencyCheck] Parsing 1 file in C:\Jenkins\workspace\Trunk_BuildInstaller
[DependencyCheck] Successfully parsed file C:\Jenkins\workspace\Trunk_BuildInstaller\TE\antbuild\test-reports\owasp\dependency-check-report.xml with 32 unique warnings and 0 duplicates.
[DependencyCheck] Computing warning deltas based on reference build #2688
....
Notice that I did not change anything in the configuration. It worked with 1.3.1.2 but does not in 1.3.3.
Any idea?