title Dependency Check
toc_hide true

OWASP Dependency Check output can be imported in XML format. This parser ingests the vulnerable dependencies and inherits the suppressions.

  • Suppressed vulnerabilities are tagged suppressed.
  • Suppressed vulnerabilities are marked as mitigated.
  • If a suppression has no <notes> tag, the finding is also tagged no_suppression_document.
  • Related vulnerable dependencies are tagged related.
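
The tagging rules above, applied to a small report, as an added example that is not DefectDojo's parser code. The report is constructed and simplified (no XML namespace, placeholder CVE names and file names), `triage` is a hypothetical helper, and giving each related dependency its own finding per vulnerability is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified report: real reports declare an XML namespace.
SAMPLE_REPORT = """<analysis>
  <dependencies>
    <dependency>
      <fileName>example-lib-1.0.jar</fileName>
      <relatedDependencies>
        <relatedDependency><fileName>example-lib-extras-1.0.jar</fileName></relatedDependency>
      </relatedDependencies>
      <vulnerabilities>
        <vulnerability><name>CVE-0000-0001</name></vulnerability>
        <suppressedVulnerability>
          <name>CVE-0000-0002</name>
          <notes>Constructed note: vulnerable code path is not reachable.</notes>
        </suppressedVulnerability>
        <suppressedVulnerability><name>CVE-0000-0003</name></suppressedVulnerability>
      </vulnerabilities>
    </dependency>
  </dependencies>
</analysis>"""


def triage(report_xml):
    """Return one dict per (file, vulnerability) carrying the tags listed above."""
    findings = []
    for dep in ET.fromstring(report_xml).iter("dependency"):
        # Assumption: every related dependency gets its own finding per vulnerability.
        files = [(dep.findtext("fileName"), False)]
        files += [(r.findtext("fileName"), True) for r in dep.iter("relatedDependency")]
        vulns = dep.find("vulnerabilities")
        for vuln in (vulns if vulns is not None else []):
            suppressed = vuln.tag == "suppressedVulnerability"
            for file_name, related in files:
                tags = []
                if suppressed:
                    tags.append("suppressed")
                    if vuln.find("notes") is None:  # suppression without a rationale
                        tags.append("no_suppression_document")
                if related:
                    tags.append("related")
                findings.append({"file": file_name, "name": vuln.findtext("name"),
                                 "mitigated": suppressed, "tags": tags})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Filtering the result on no_suppression_document lists the suppressions that were added without a written justification, which are the ones worth reviewing first.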

Sample Scan Data

Sample Dependency Check scans can be found here.

Default Deduplication Hashcode Fields

By default, DefectDojo identifies duplicate Findings using these hashcode fields:

  • title
  • cwe
  • file path