Jenkins / JENKINS-54838

OWASP Dependency-Check plugin loses trace of bcprov-jdk15on.jar vulnerabilities


      Description

      We're using the Dependency-Check Jenkins plugin version 3.3.4 to analyze our software and are experiencing buggy behavior. Every time we do a scan the plugin says that we got:

      12 new vulnerabilities
      12 Fixed vulnerabilities

      And the problem is that all of them are the same vulnerabilities, scan after scan, related to the Bouncy Castle provider: bcprov-jdk15on.jar


          Activity

          pachulo Marc P created issue -
          sspringett Steve Springett made changes -
          Assignee Steve Springett [ sspringett ]
          sspringett Steve Springett made changes -
          Resolution Won't Do [ 10001 ]
          Status Open [ 1 ] Closed [ 6 ]

            People

            Assignee:
            sspringett Steve Springett
            Reporter:
            pachulo Marc P
