[CAM-14396] Include Swagger UI package-lock.json in vulnerability scan

Type: Task
Resolution: Unresolved
Priority: L3 - Default
Fix Version/s: None
Affects Version/s: None
Component/s: run
Labels:
None

Acceptance Criteria (Required on creation):

Make sure the OWASP Maven plugin picks up the package-lock.json in the ui subdirectory of the swagger ui module: https://github.com/camunda/camunda-bpm-platform/tree/7.17.0-alpha4/distro/run/modules/swaggerui/ui
Make sure assert is scanned too: https://github.com/camunda/camunda-bpm-assert

Hints (optional):

This is the controller panel for Smart Panels app

Thorben Lindhauer added a comment - 23/Feb/22 11:48 AM

Implementation notes:

The OWASP plugin defines a scanSet configuration property for where it looks for sources to scan: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html
With the change, it still picks up Maven dependencies declared in the pom file. I tested that with an old Spring version.

Thorben Lindhauer added a comment - 23/Feb/22 11:48 AM Implementation notes: The OWASP plugin defines a scanSet configuration property for where it looks for sources to scan: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html With the change, it still picks up Maven dependencies declared in the pom file. I tested that with an old Spring version.

Thorben Lindhauer added a comment - 25/Feb/22 4:31 PM

Reopening, because swagger ui is still not respected in the Scan performed by the github action.

Thorben Lindhauer added a comment - 25/Feb/22 4:31 PM Reopening, because swagger ui is still not respected in the Scan performed by the github action.

Thorben Lindhauer added a comment - 12/Oct/22 11:51 AM

This ticket was migrated to github: https://github.com/camunda/camunda-bpm-platform/issues/2699. Please use this link for any future references and continue any discussion there.

Thorben Lindhauer added a comment - 12/Oct/22 11:51 AM This ticket was migrated to github: https://github.com/camunda/camunda-bpm-platform/issues/2699 . Please use this link for any future references and continue any discussion there.

Assignee:: Thorben Lindhauer

Reporter:: Thorben Lindhauer

DRI:: Thorben Lindhauer

Reviewer:: Tassilo Weidner

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 23/Feb/22 11:47 AM

Updated:: 12/Oct/22 11:51 AM

camunda BPM

Details

Description

Acceptance Criteria (Required on creation):

Hints (optional):

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Activity

Collapse comment: Thorben Lindhauer added a comment - 23/Feb/22 11:48 AM

Expand comment: Thorben Lindhauer added a comment - 23/Feb/22 11:48 AM

Collapse comment: Thorben Lindhauer added a comment - 25/Feb/22 4:31 PM

Expand comment: Thorben Lindhauer added a comment - 25/Feb/22 4:31 PM

Collapse comment: Thorben Lindhauer added a comment - 12/Oct/22 11:51 AM

Expand comment: Thorben Lindhauer added a comment - 12/Oct/22 11:51 AM

People

Dates

Salesforce