Eclipse Steady

Eclipse Steady - Analysis Report

Generated at: $generatedAt

Target:

Workspace:

$space.getSpaceToken()


Group:

$app.getMvnGroup()


Artifact:

$app.getArtifact()


Version:

$app.getVersion()


#if($isAggregated)
Aggregated projects ($projects.size())
#end

Links:

#if($thresholdMet)

Analysis Result: Success

#else

Analysis Result: Failure

#end

#if($thresholdMet)
No critical findings (given the configuration listed below), thus no build exception is thrown.
#else
$vulnsAboveThreshold.size() critical findings (given the configuration listed below), thus a build exception is thrown.
#end

The findings presented below represent archives containing code that is subject to a specific vulnerability. Expand a finding to see the vulnerability description and the CVSS score (if any). The first table column indicates whether the archive contains vulnerable code; the other two columns show whether that vulnerable code is reachable according to the static and dynamic analyses (only if those were performed using the respective analysis goals).

#if($isAggregated)
Hover over the table cells to see the full identifier (GAV) of the affected application project as well as details about the respective dependency.
#else
Hover over the table cells to see more details about the dependency.
#end

Used Configuration Settings

exceptionThreshold: $exceptionThreshold
Specifies if and when the plugin throws a build exception (and thereby fails the build).

Possible values (default: dependsOn):
  • noException - no build exception is thrown, regardless of the analysis results
  • dependsOn - an exception is thrown if at least one application project depends on an archive with known vulnerabilities (declared in the POM file or pulled in transitively)
  • potentiallyExecutes - an exception is thrown if at least one application project can potentially execute vulnerable code (according to the static source code analysis)
  • actuallyExecutes - an exception is thrown if at least one application project actually executes vulnerable code during application tests (according to the dynamic analysis)

Each level demands stronger evidence before failing the build and is therefore a weaker gate: potentiallyExecutes and actuallyExecutes can only fire if the corresponding analysis goals were run, and a dynamic trace only observes code paths that the tests actually exercise.


exceptionScopeBlacklist: $exceptionScopeBlacklist
List of dependency scopes that are ignored when deciding whether to throw a build exception. Findings in these scopes are still analyzed and reported, but never fail the build.

Possible values: compile, provided, runtime, test, system
Default: [TEST, PROVIDED]

Note that provided-scope dependencies are still loaded at runtime (from the container or platform that provides them), so a vulnerable provided dependency does not fail the build under the default setting.


exceptionExcludedBugs: $exceptionExcludedBugs
List of security vulnerabilities that are ignored (exempted) when deciding whether to throw a build exception. Exempted findings are still listed under Exempted Vulnerabilities below.

Example: CVE-2014-0050
Default: none
#if( $obsoleteExemptionsHistorical || $obsoleteExemptionsSignatureNotPresent )

Obsolete exemptions (historical vulnerabilities): $obsoleteExemptionsHistorical
Obsolete exemptions (signatures of vulnerable code not present): $obsoleteExemptionsSignatureNotPresent

Obsolete exemptions no longer affect any finding and should be removed from exceptionExcludedBugs so that they cannot silently mask a later regression.
#end
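The decision that exceptionThreshold, exceptionScopeBlacklist and exceptionExcludedBugs encode, as an added example in Python that is not part of Eclipse Steady or of this report template. It models the build-exception decision over a list of findings and the mapping of each finding to the three table columns (includes / potentially executes / executes vulnerable code). Everything in it is constructed for illustration: the Finding and Config classes, the sample archive names and the BUG-* identifiers; the one real identifier, CVE-2014-0050, is the example the page itself gives. Two modelling assumptions the page does not state: an Unknown analysis result never fails the build on its own, and obsolete exemptions are reported as a single list of exemptions that match no finding rather than the two categories the report distinguishes.

```python
# Added example (not Eclipse Steady's own code): a model of how the report's
# exceptionThreshold, exceptionScopeBlacklist and exceptionExcludedBugs settings
# decide whether a build exception is thrown, and how each finding maps to the
# three table columns. Findings, archive names and BUG-* ids are constructed.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, List, Tuple


class Tri(Enum):
    """Three-valued result of one analysis (Vulnerable / Not vulnerable / Unknown)."""
    YES = "yes"
    NO = "no"
    UNKNOWN = "unknown"


@dataclass(frozen=True)
class Finding:
    bug_id: str
    archive: str        # dependency archive, e.g. a jar file name
    scope: str          # Maven dependency scope
    transitive: bool
    affected: Tri       # column 1: includes vulnerable code
    reachable: Tri      # column 2: potentially executes (static analysis)
    traced: Tri         # column 3: executes during tests (dynamic analysis)


@dataclass(frozen=True)
class Config:
    exception_threshold: str = "dependsOn"
    exception_scope_blacklist: FrozenSet[str] = frozenset({"test", "provided"})
    exception_excluded_bugs: FrozenSet[str] = frozenset()


THRESHOLDS = ("noException", "dependsOn", "potentiallyExecutes", "actuallyExecutes")


def is_critical(f: Finding, cfg: Config) -> bool:
    """True if this finding alone would make the plugin throw a build exception.

    Assumption (not stated on the report page): only a confirmed YES at the
    configured threshold counts; Unknown never fails the build by itself and
    therefore has to be reviewed by hand.
    """
    if cfg.exception_threshold not in THRESHOLDS:
        raise ValueError(f"unknown exceptionThreshold {cfg.exception_threshold!r}")
    if cfg.exception_threshold == "noException":
        return False
    if f.scope.lower() in {s.lower() for s in cfg.exception_scope_blacklist}:
        return False                     # blacklisted scope: reported, never fatal
    if f.bug_id in cfg.exception_excluded_bugs:
        return False                     # explicitly exempted
    if f.affected is not Tri.YES:
        return False                     # not (confirmed) affected
    if cfg.exception_threshold == "dependsOn":
        return True
    if cfg.exception_threshold == "potentiallyExecutes":
        return f.reachable is Tri.YES
    return f.traced is Tri.YES           # actuallyExecutes


def column_labels(f: Finding) -> Tuple[str, str, str]:
    """Labels for the three table columns; columns 2 and 3 stay blank when the
    version is known not to be affected, as in the report template."""
    first = {Tri.YES: "Vulnerable", Tri.NO: "Not vulnerable", Tri.UNKNOWN: "Unknown"}[f.affected]
    if f.affected is Tri.NO:
        return first, "", ""
    second = {Tri.YES: "Reachable", Tri.NO: "Not reachable", Tri.UNKNOWN: "Unknown"}[f.reachable]
    third = {Tri.YES: "Reached", Tri.NO: "Not reached", Tri.UNKNOWN: "Unknown"}[f.traced]
    return first, second, third


def evaluate(findings: List[Finding], cfg: Config) -> Dict[str, object]:
    """Split findings into critical / exempted and flag exemptions that match nothing.

    Assumption: the report separates obsolete exemptions into 'historical' and
    'signature not present'; this model only reports exemptions matching no finding.
    """
    above = [f for f in findings if is_critical(f, cfg)]
    below = [f for f in findings if not is_critical(f, cfg)]
    seen = {f.bug_id for f in findings}
    obsolete = sorted(b for b in cfg.exception_excluded_bugs if b not in seen)
    return {
        "threshold_met": not above,
        "critical": above,
        "exempted": below,
        "obsolete_exemptions": obsolete,
    }


# Constructed sample findings (archive names and BUG-* ids are made up).
SAMPLE = [
    Finding("CVE-2014-0050", "lib-a-1.0.jar", "compile", False, Tri.YES, Tri.YES, Tri.NO),
    Finding("BUG-0002", "lib-b-2.3.jar", "test", True, Tri.YES, Tri.UNKNOWN, Tri.UNKNOWN),
    Finding("BUG-0003", "lib-c-0.9.jar", "compile", True, Tri.YES, Tri.NO, Tri.NO),
    Finding("BUG-0004", "lib-d-4.1.jar", "runtime", True, Tri.NO, Tri.UNKNOWN, Tri.UNKNOWN),
]

if __name__ == "__main__":
    for threshold in THRESHOLDS:
        result = evaluate(SAMPLE, Config(exception_threshold=threshold))
        ids = [f.bug_id for f in result["critical"]]
        print(f"{threshold:20s} threshold_met={result['threshold_met']} critical={ids}")
    for f in SAMPLE:
        print(f.archive, column_labels(f))
```

Running it shows the effect of raising the threshold on the same four findings: dependsOn fails the build on two of them, potentiallyExecutes on one, actuallyExecutes on none, while the test-scoped finding is never fatal under the default scope blacklist. An exemption for a bug id that matches no finding comes back in obsolete_exemptions, which is the case the report flags under obsolete exemptions.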

Critical Vulnerabilities ($vulnsAboveThreshold.size())

#foreach( $vul in $vulnsAboveThreshold )

$vul.filename

affected by

#if( $vul.bug.getReference().isEmpty() ) $vul.bug.getBugId() #else $vul.bug.getBugId() #end

Archive Digest: $vul.archiveid
CVSS Score: $vul.bug.getCvssDisplayString()

$vul.bug.getDescription()

Includes vulnerable code:
    #foreach( $analysis in $vul.analyses )
  • $analysis.getApp().getArtifact(): #if( $analysis.isAffectedVersion() && $analysis.isAffectedVersionConfirmed() ) Vulnerable #elseif( $analysis.isNoneAffectedVersion() ) Not vulnerable #elseif( !$analysis.isAffectedVersionConfirmed() ) Unknown #end
    Group: $analysis.getApp().getMvnGroup()
    Artifact: $analysis.getApp().getArtifact()
    Version: $analysis.getApp().getVersion()
    Scope: $analysis.getDep().getScope()
    Transitive dependency: $analysis.getDep().getTransitive()
    #if( $exceptionThreshold=='dependsOn' && $analysis.isThrowsExceptionExcluded() )
    A build exception for this finding was suppressed according to the goal configuration
    #end
    #end

Potentially executes vulnerable code (static analysis):
    #foreach( $analysis in $vul.analyses )
    #if( !$analysis.isNoneAffectedVersion() )
  • $analysis.getApp().getArtifact(): #if( $analysis.isReachable() ) Reachable #elseif( $analysis.isNotReachable() ) Not reachable #elseif( !$analysis.isReachableConfirmed() ) Unknown #end
    Group: $analysis.getApp().getMvnGroup()
    Artifact: $analysis.getApp().getArtifact()
    Version: $analysis.getApp().getVersion()
    Scope: $analysis.getDep().getScope()
    Transitive dependency: $analysis.getDep().getTransitive()
    #if( $exceptionThreshold=='potentiallyExecutes' && $analysis.isThrowsExceptionExcluded() )
    A build exception for this finding was suppressed according to the goal configuration
    #end
    #end
    #end

Executes vulnerable code (dynamic analysis):
    #foreach( $analysis in $vul.analyses )
    #if( !$analysis.isNoneAffectedVersion() )
  • $analysis.getApp().getArtifact(): #if( $analysis.isTraced() ) Reached #elseif( $analysis.isNotTraced() ) Not reached #elseif( !$analysis.isTracedConfirmed() ) Unknown #end
    Group: $analysis.getApp().getMvnGroup()
    Artifact: $analysis.getApp().getArtifact()
    Version: $analysis.getApp().getVersion()
    Scope: $analysis.getDep().getScope()
    Transitive dependency: $analysis.getDep().getTransitive()
    #if( $exceptionThreshold=='actuallyExecutes' && $analysis.isThrowsExceptionExcluded() )
    A build exception for this finding was suppressed according to the goal configuration
    #end
    #end
    #end

#end

Exempted Vulnerabilities ($vulnsBelowThreshold.size())

#foreach( $vul in $vulnsBelowThreshold )

$vul.filename

affected by

#if( $vul.bug.getReference().isEmpty() ) $vul.bug.getBugId() #else $vul.bug.getBugId() #end

Archive Digest: $vul.archiveid
CVSS Score: $vul.bug.getCvssDisplayString()

$vul.bug.getDescription()

Includes vulnerable code:
    #foreach( $analysis in $vul.analyses )
  • $analysis.getApp().getArtifact(): #if( $analysis.isAffectedVersion() && $analysis.isAffectedVersionConfirmed() ) Vulnerable #elseif( $analysis.isNoneAffectedVersion() ) Not vulnerable #elseif( !$analysis.isAffectedVersionConfirmed() ) Unknown #end
    Group: $analysis.getApp().getMvnGroup()
    Artifact: $analysis.getApp().getArtifact()
    Version: $analysis.getApp().getVersion()
    Scope: $analysis.getDep().getScope()
    Transitive dependency: $analysis.getDep().getTransitive()
    #if( $exceptionThreshold=='dependsOn' && $analysis.isThrowsExceptionExcluded() )
    Note: the configuration settings above suppressed a build exception for this finding
    #end
    #end

Potentially executes vulnerable code (static analysis):
    #foreach( $analysis in $vul.analyses )
    #if( !$analysis.isNoneAffectedVersion() )
  • $analysis.getApp().getArtifact(): #if( $analysis.isReachable() ) Reachable #elseif( $analysis.isNotReachable() ) Not reachable #elseif( !$analysis.isReachableConfirmed() ) Unknown #end
    Group: $analysis.getApp().getMvnGroup()
    Artifact: $analysis.getApp().getArtifact()
    Version: $analysis.getApp().getVersion()
    Scope: $analysis.getDep().getScope()
    Transitive dependency: $analysis.getDep().getTransitive()
    #if( $exceptionThreshold=='potentiallyExecutes' && $analysis.isThrowsExceptionExcluded() )
    Note: the configuration settings above suppressed a build exception for this finding
    #end
    #end
    #end

Executes vulnerable code (dynamic analysis):
    #foreach( $analysis in $vul.analyses )
    #if( !$analysis.isNoneAffectedVersion() )
  • $analysis.getApp().getArtifact(): #if( $analysis.isTraced() ) Reached #elseif( $analysis.isNotTraced() ) Not reached #elseif( !$analysis.isTracedConfirmed() ) Unknown #end
    Group: $analysis.getApp().getMvnGroup()
    Artifact: $analysis.getApp().getArtifact()
    Version: $analysis.getApp().getVersion()
    Scope: $analysis.getDep().getScope()
    Transitive dependency: $analysis.getDep().getTransitive()
    #if( $exceptionThreshold=='actuallyExecutes' && $analysis.isThrowsExceptionExcluded() )
    Note: the configuration settings above suppressed a build exception for this finding
    #end
    #end
    #end

#end