Generated at: $generatedAtTarget:
Workspace:
#if($isAggregated)
$space.getSpaceToken()Group: $app.getMvnGroup()Artifact: $app.getArtifact()Version: $app.getVersion()
Aggregated projects ($projects.size()) +
#end
Links: |
#if($thresholdMet)
Analysis Result: Success#elseAnalysis Result: Failure#end#if($thresholdMet) No critical findings (considering the below-mentioned configuration), thus, no build exception is thrown #else $vulnsAboveThreshold.size() critical findings (considering the below-mentioned configuration), thus, a build exception is thrown #endThe findings presented below represent archives containing code that is subject to a specific vulnerability. Expand to see the vulnerability description and the CVSS score (if any). While the first table column indicates that vulnerable code is contained, the other two columns show whether that vulnerable code is reachable according to the static and dynamic analyses (if performed using the respective analysis goals). #if($isAggregated) Hover over the table cells to see the full identifier (GAV) of the affected application project as well as details about the respective dependency. #else Hover over the table cells to see more details about the dependency. #endUsed Configuration SettingsexceptionThreshold: $exceptionThresholdSpecifies if and when the plugin will throw a build exception. Possible values (default: dependsOn):
exceptionScopeBlacklist: $exceptionScopeBlacklistList of scopes that will be ignored when deciding whether to throw a build exceptionPossible values: compile, provided, runtime, test, system Default: [TEST, PROVIDED] exceptionExcludedBugs: $exceptionExcludedBugsList of security vulnerabilities that will be ignored (exempted) when deciding whether to throw a build exceptionExample: CVE-2014-0050 Default: none #if( $obsoleteExemptionsHistorical || $obsoleteExemptionsSignatureNotPresent ) Obsolete exemptions (historical vulnerabilities): $obsoleteExemptionsHistorical Obsolete exemptions (signatures of vulnerable code not present): $obsoleteExemptionsSignatureNotPresent #end |
Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code |
---|---|---|
|
|
|
Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code |
---|---|---|
|
|
|