Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency check task #16

Merged
merged 40 commits into from
Mar 2, 2020
Merged

Dependency check task #16

merged 40 commits into from
Mar 2, 2020

Conversation

CloudPlatformer
Copy link
Contributor

Build task to identify vulnerable dependencies.

Uses the OWASP Dependency Check CLI tool:
https://owasp.org/www-project-dependency-check/
https://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html

Sends the results to log analytics for visibility in grafana.

chelnak and others added 30 commits January 29, 2020 19:54
@chelnak
Initial commit
3e4161b
@chelnak
Add manifest and move task config
17030b9
@chelnak
Fix linting
6eb1204
@chelnak
Implement log analytics functionality
6a05b27
@chelnak
Update to log analytics module
566cdde
Added use of owasp-dependency-check cli tool to create csv report
247f9d2
Added inputs to task.json and set index.ts to use the inputs
8f172f5
Added java files and restructured folders
35107e3
Added ability to run on linux
946824a
Added download of odc.mv.db and jsrepository.json to increase speed o…
03a2cee 
…f dependency-check batch/shell file
@chelnak
Add npm scripts and flattern directory
e811efc
@chelnak
A bit of house keeping (#13)
e621b43 
* Exclude no console rule
* Correct eslint errors, move util functions in to runtime and handle asyncs better
* Add a utility helper
* Add some local debugging stuff
* Start migrating away from request module [Test for http]
Added .env to to .gitignore
7a6c0c1
Added dotenv to devDependencies
c7193b3
Package change: @azure/storage-blob to download blob files instead of…
90ce479 
… http
@chelnak
Add a mock task runner (#14)
7cd0424 
* Initial commit for mock task runner

* Fix path building for taskrunner

* Fix how we build paths to files

* Update npm test script
Replaced storageAccountName with databaseEndpoint, used https package…
729b419 
… instead of @azure/storage-blob
Removed @azure/storage-blob from package.json
6f7ae56
Revert databaseEndpoint to const
0c60c35
@CloudPlatformer
Move contents to task folder (#15)
a8021bf 
* Moved task contents to a task folder for Azure DevOps task to function
Added task inputs and explictly set output path of csv file
7857467
Set permission of cli script and reformatted dependency-check.sh
d75af7b
Added .gitattributes file setting eol=lf
50a518d
Removed --noupdate flag if enableSelfHostedDatabase is false
f21bbad
Added spawnSync for chmod command to edit file permission if linux
78d40dc
Corrected path to index.js in success/failure.js and moved setting of…
69c2878 
… trimmedDatabaseEndpoint
Added icon.png in directory of task.json
33b3b4b
Added setting predefined build variables to uploaded JSON
13c8229
Added additional predefined variables to submitted JSON
fc70ce1
Corrected predefined variables and added deletion of data folder
f95c638
adam230594
adam230594 approved these changes Feb 28, 2020
View reviewed changes
Copy link

@adam230594 adam230594 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Jack ran through the code with me, also showed me a working solution on his PC. Approved.

tasks/DependencyCheck/azure-pipelines.yml Show resolved Hide resolved
@chelnak
Copy link
Contributor

chelnak commented Mar 1, 2020

I would like to see a demo before it's merged please 👍

@CloudPlatformer CloudPlatformer mentioned this pull request Mar 2, 2020
Closed
@chelnak
Copy link
Contributor

chelnak commented Mar 2, 2020

Had a run through with @jack-education and am happy for MVS.

@jack-education Does CI update the task version for us?

@CloudPlatformer
Copy link
Contributor Author

Had a run through with @jack-education and am happy for MVS.

@jack-education Does CI update the task version for us?

@chelnak It doesn't, shall I look to add it as part of MVS?

@chelnak
Copy link
Contributor

chelnak commented Mar 2, 2020

Maybe not for MVS but it needs to be there asap afterwards.

@CloudPlatformer CloudPlatformer merged commit 72f4f18 into master Mar 2, 2020
@CloudPlatformer CloudPlatformer deleted the dependency_check branch March 2, 2020 16:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adam230594 adam230594 adam230594 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@CloudPlatformer @chelnak @adam230594