Describe the bug
The generated gitlab report cannot be parsed by gitlab because of a number of schema validation issues.
- vulnerability name can be greater than 255 characters (this happens most commonly when the description is used for the name field)
- description must be present (it is not required in the schema)
- links without a name or url do not render properly, the latter is invalid as all links must have a url according to the schema
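The three violations listed above can be checked and repaired on the generated JSON before handing it to GitLab. The script below is an added example, not part of dependency-check; it assumes the report layout shown (a top-level `vulnerabilities` array with `name`, `description` and `links` per entry), uses a constructed sample finding, and falls back to the original `name` text when `description` is absent.

```python
import json

MAX_NAME_LEN = 255  # GitLab dependency-scanning schema cap on "name"

# Constructed sample: one finding exhibiting all three problems from this issue.
SAMPLE_REPORT = {
    "version": "15.0.0",
    "vulnerabilities": [{
        "id": "GHSA-g9r4-xpmj-mj65",
        "name": "A" * 300,  # description copied into name, far over the limit
        # "description" is absent
        "severity": "High",
        "links": [{"url": "https://example.invalid/advisory"}, {"name": "no url"}],
    }],
}


def find_schema_problems(report: dict) -> list[str]:
    """List the schema violations described in this issue, per vulnerability."""
    problems = []
    for i, vuln in enumerate(report.get("vulnerabilities", [])):
        if len(vuln.get("name", "")) > MAX_NAME_LEN:
            problems.append(f"[{i}] name longer than {MAX_NAME_LEN}")
        if not vuln.get("description"):
            problems.append(f"[{i}] description missing")
        for j, link in enumerate(vuln.get("links", [])):
            if not link.get("url"):
                problems.append(f"[{i}] link {j} has no url")
    return problems


def sanitize_report(report: dict) -> dict:
    """Return a copy with names truncated, descriptions filled, url-less links dropped."""
    fixed = json.loads(json.dumps(report))  # deep copy; the input stays untouched
    for vuln in fixed.get("vulnerabilities", []):
        original_name = vuln.get("name") or vuln.get("id", "")
        name = original_name
        if len(name) > MAX_NAME_LEN:
            name = name[: MAX_NAME_LEN - 3].rstrip() + "..."
        vuln["name"] = name
        if not vuln.get("description"):
            # Assumed fallback: the untruncated name is the best text available.
            vuln["description"] = original_name
        # Keep only links with a url; a missing name is filled from the url.
        vuln["links"] = [
            {"name": link.get("name") or link["url"], "url": link["url"]}
            for link in vuln.get("links", []) if link.get("url")
        ]
    return fixed
```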
Version of dependency-check used
The problem occurs using version 12.0.2 of the cli
Log file
log file
To Reproduce
Steps to reproduce the behavior:
- Install version 12.0.2 of the cli or acquire from releases
- Navigate to a project with the following vulnerable dependencies (as an example): GHSA-g9r4-xpmj-mj65 and GHSA-2cf5-4w76-r9qv
- Run the command
dependency-check.sh --format "ALL" --nvdDataFeed "$DATA_FEED_URL"
- View the report in
dependency-check-gitlab.json
Expected behavior
A json document compliant with the gitlab schema for dependency scanner reports
Additional context
For our project we use a mirror of the nist nvd data feed.