JENKINS-72062

Add dependency check results to Jenkins REST API

    • New Feature
    • Resolution: Unresolved
    • Minor
    • None
    • Jenkins 2.401.1
      dependency-check-plugin 5.4.0

      It would be nice if the dependency check results could be available in the Jenkins remote REST API.

      The severity distribution could be added the same way JUnit does it.

      For JUnit you can get the test failures using

      curl http://localhost:8080/jenkins/job/Test/lastSuccessfulBuild/api/json | jq '.actions | map(select(._class=="hudson.tasks.junit.TestResultAction")) | .[0]'
      

      resulting in

      {
        "_class": "hudson.tasks.junit.TestResultAction",
        "failCount": 0,
        "skipCount": 2,
        "totalCount": 975,
        "urlName": "testReport"
      }
      

      The proposed solution for the OWASP plugin could be

      curl http://localhost:8080/jenkins/job/Test/lastSuccessfulBuild/api/json | jq '.actions | map(select(._class=="org.jenkinsci.plugins.DependencyCheck.ResultAction")) | .[0]'
      

      resulting in

      {
        "_class": "org.jenkinsci.plugins.DependencyCheck.ResultAction",
        "criticalCount": 0,
        "highCount": 5,
        "infoCount": 0,
        "lowCount": 1,
        "mediumCount": 1,
        "unassignedCount": 0
      }
      

      In addition we could also expose the complete findings incl. all details. A proposed solution could be

      $ curl http://localhost:8080/jenkins/job/Test/lastSuccessfulBuild/dependency-check-findings/findings | jq '.'
      

      which will just return the (internal) findings model as JSON.
      It might be a good idea to think about not exposing the internal findings model but instead design a separate API model in order to decouple the internal stuff from the outside.
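
A consumer of the summary proposed above could look like the following. This is an added example, not part of the original issue or the plugin's code. It assumes the `_class` name and `*Count` fields exactly as proposed in the description (a proposal, not a released API); `severity_counts`, `gate` and the sample payload are constructed for illustration.

```python
import json

# Class name and count fields as proposed in the issue; not a released plugin API.
RESULT_ACTION = "org.jenkinsci.plugins.DependencyCheck.ResultAction"
SEVERITIES = ("critical", "high", "medium", "low", "info", "unassigned")


def severity_counts(build):
    """Return {severity: count} from a build's api/json document, or None
    if the build carries no dependency-check result action."""
    for action in build.get("actions") or []:
        # The actions array often contains empty objects, so match on _class.
        if isinstance(action, dict) and action.get("_class") == RESULT_ACTION:
            counts = {}
            for sev in SEVERITIES:
                value = action.get(sev + "Count")
                # A missing or malformed count is an error, never a silent zero.
                if isinstance(value, bool) or not isinstance(value, int) or value < 0:
                    raise ValueError(f"bad {sev}Count: {value!r}")
                counts[sev] = value
            return counts
    return None


def gate(build, limits):
    """Return a list of violations. A missing result is a violation (fail
    closed), so a build that never ran the scan cannot pass the gate."""
    counts = severity_counts(build)
    if counts is None:
        return ["no dependency-check result on this build"]
    return [f"{sev}: {counts[sev]} > {limit}"
            for sev, limit in limits.items() if counts[sev] > limit]


# Constructed sample payload, trimmed to the fields used here.
SAMPLE = json.loads("""
{"actions": [
  {},
  {"_class": "hudson.tasks.junit.TestResultAction",
   "failCount": 0, "skipCount": 2, "totalCount": 975, "urlName": "testReport"},
  {"_class": "org.jenkinsci.plugins.DependencyCheck.ResultAction",
   "criticalCount": 0, "highCount": 5, "infoCount": 0,
   "lowCount": 1, "mediumCount": 1, "unassignedCount": 0}
]}
""")

if __name__ == "__main__":
    print(gate(SAMPLE, {"critical": 0, "high": 0}))
```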

          [JENKINS-72062] Add dependency check results to Jenkins REST API

          Jan Henrik Wiesner added a comment -

          Added first draft/sketch of the proposed solution stated in the description, see https://github.com/jenkinsci/dependency-check-plugin/pull/107

          Just did some manual testing

          Nikolas Falco added a comment -

          Do you have a use case for this implementation?


            nfalco Nikolas Falco
            profhenry Jan Henrik Wiesner