
templates.jsonReport.vsl Maven / Gradle / Ivy


dependency-check-core is the engine and reporting tool used to identify and report any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts metadata from the dependencies and uses it to do fuzzy keyword matching against the Common Platform Enumeration (CPE); if any CPE identifiers are found, the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report.

There is a newer version: 10.0.4
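## JSON report template (Velocity). Renders scan metadata, project information
## and one object per scanned dependency: hashes, collected evidence, software
## identifiers, and active as well as suppressed vulnerabilities.
##
## Values placed inside a JSON string are passed through $enc.json(...), which is
## expected to JSON-escape them. Much of this data originates from scanned
## artifacts and advisory feeds, so an unescaped quote or backslash could
## otherwise terminate the string and corrupt or alter the report.
##
## Array and object separators are written as a leading comma on every element
## after the first, so no trailing comma is ever produced.
{
    "reportSchema": "1.1",
    "scanInfo": {
## NOTE(review): $version is the only string here emitted without $enc.json;
## presumably it is the engine's own version string - confirm.
        "engineVersion": "$version",
        "dataSource": [
        #foreach($prop in $properties.getMetaData().entrySet())
        #if($foreach.count > 1),#end{
                "name": "$enc.json($prop.key)",
                "timestamp": "$enc.json($prop.value)"
            }
        #end
        ]
    },
    "projectInfo": {
        "name": "$enc.json($applicationName)",
## The three optional members below carry their own trailing comma so that
## "reportDate" always follows a complete member.
        #if($groupID)"groupID":"$enc.json($groupID)",#end
        #if($artifactID)"artifactID":"$enc.json($artifactID)",#end
        #if($applicationVersion)"version":"$enc.json($applicationVersion)",#end
        "reportDate": "$enc.json($scanDateXML)",
        "credits": {
            "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov",
            "NPM": "This report may contain data retrieved from the NPM Public Advisories: https://www.npmjs.com/advisories",
            "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/",
            "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org"
        }
    },
    "dependencies": [
        #foreach($dependency in $dependencies)#if($foreach.count > 1),#end{
            "isVirtual": #if($dependency.isVirtual())true#{else}false#end,
            "fileName": "$enc.json($dependency.DisplayFileName)",
            "filePath": "$enc.json($dependency.FilePath)"
## From here on every optional member starts with its own leading comma.
## Hashes are only written for non-virtual dependencies.
            #if(!$dependency.isVirtual()),"md5": "$enc.json($dependency.Md5sum)",
            "sha1": "$enc.json($dependency.Sha1sum)",
            "sha256": "$enc.json($dependency.Sha256sum)"#end
            #if($dependency.description),"description": "$enc.json($dependency.description)"#end
            #if($dependency.license),"license": "$enc.json($dependency.license)"#end
            #if ($dependency.projectReferences.size()>0)
            ,"projectReferences": [
            #foreach($ref in $dependency.projectReferences)
                #if($foreach.count > 1),#end
                "$enc.json($ref)"
            #end
            ]
            #end
            #if ($dependency.getRelatedDependencies().size()>0)
            ,"relatedDependencies": [
                #foreach($related in $dependency.getRelatedDependencies()) #if($foreach.count > 1),#end {
                    "isVirtual": #if($related.isVirtual())true#{else}false#end,
                    "filePath": "$enc.json($related.FilePath)"
                    #if(!$related.isVirtual()),"sha256": "$enc.json($related.Sha256sum)",
                    "sha1": "$enc.json($related.Sha1sum)",
                    "md5": "$enc.json($related.Md5sum)"#end
                    #if($related.getSoftwareIdentifiers().size()>0),
                    "packageIds": [
                        #foreach($id in $related.getSoftwareIdentifiers())
                            #if($foreach.count > 1),#end
                            {
## The identifier value is escaped like every other identifier in this
## template ("packages", "vulnerabilityIds", "suppressedVulnerabilityIds");
## it was previously written raw, so a value containing a quote or
## backslash would have produced malformed or altered JSON.
                                "id": "$enc.json($id.value)"
                                #if ($id.url),"url": "$enc.json($id.url)"#end
                                #if ($id.notes),"notes": "$enc.json($id.notes)"#end
                                #if ($id.description),"description":"$enc.json($id.description)"#end
                            }
                        #end
                    ]#end
                }
                #end
            ]
            #end
## Evidence is grouped by kind; $VENDOR, $PRODUCT and $VERSION are taken from
## the template context and select which evidence list is returned.
            ,"evidenceCollected": {
                "vendorEvidence": [
                    #foreach($evidence in $dependency.getEvidence($VENDOR))
                        #if($foreach.count > 1),#end{
                            "type": "vendor",
                            "confidence": "$enc.json($evidence.getConfidence().toString())",
                            "source": "$enc.json($evidence.getSource())",
                            "name": "$enc.json($evidence.getName())",
                            "value": "$enc.json($evidence.getValue().trim())"
                        }
                    #end
                ],
                "productEvidence": [
                    #foreach($evidence in $dependency.getEvidence($PRODUCT))
                        #if($foreach.count > 1),#end{
                            "type": "product",
                            "confidence": "$enc.json($evidence.getConfidence().toString())",
                            "source": "$enc.json($evidence.getSource())",
                            "name": "$enc.json($evidence.getName())",
                            "value": "$enc.json($evidence.getValue().trim())"
                        }
                    #end
                ],
                "versionEvidence": [
                    #foreach($evidence in $dependency.getEvidence($VERSION))
                    #if($foreach.count > 1),#end
                    {
                        "type": "version",
                        "confidence": "$enc.json($evidence.getConfidence().toString())",
                        "source": "$enc.json($evidence.getSource())",
                        "name": "$enc.json($evidence.getName())",
                        "value": "$enc.json($evidence.getValue().trim())"
                    }
                    #end
                ]
            }
            #if($dependency.getSoftwareIdentifiers() && $dependency.getSoftwareIdentifiers().size()>0)
                ,"packages": [
                #foreach($id in $dependency.getSoftwareIdentifiers())
                    #if($foreach.count > 1),#end
                    {
                        "id": "$enc.json($id.value)"
                        #if($id.confidence),"confidence": "$enc.json($id.confidence)"#end
                        #if($id.url),"url": "$enc.json($id.url)"#end
                        #if($id.description),"description": "$enc.json($id.description)"#end
                        #if($id.notes),"notes": "$enc.json($id.notes)"#end
                    }
                #end
            ]#end
            #if($dependency.getVulnerableSoftwareIdentifiers() && $dependency.getVulnerableSoftwareIdentifiers().size()>0)
                ,"vulnerabilityIds": [
                #foreach($id in $dependency.getVulnerableSoftwareIdentifiers())
                    #if($foreach.count > 1),#end
                    {
                        "id": "$enc.json($id.value)"
                        #if($id.confidence),"confidence": "$enc.json($id.confidence)"#end
                        #if($id.url),"url": "$enc.json($id.url)"#end
                        #if($id.description),"description": "$enc.json($id.description)"#end
                        #if($id.notes),"notes": "$enc.json($id.notes)"#end
                    }
                #end
            ]#end
            #if($dependency.getSuppressedIdentifiers() && $dependency.getSuppressedIdentifiers().size()>0)
                ,"suppressedVulnerabilityIds": [
                #foreach($id in $dependency.getSuppressedIdentifiers())
                    #if($foreach.count > 1),#end
                    {
                        "id": "$enc.json($id.value)"
                        #if($id.confidence),"confidence": "$enc.json($id.confidence)"#end
                        #if($id.url),"url": "$enc.json($id.url)"#end
                        #if($id.description),"description": "$enc.json($id.description)"#end
                        #if($id.notes),"notes": "$enc.json($id.notes)"#end
                    }
                #end
            ]#end

            #if($dependency.getVulnerabilities().size()>0)
            ,"vulnerabilities": [
            #foreach($vuln in $dependency.getVulnerabilities(true))#if($foreach.count > 1),#end {
                "source": "$enc.json($vuln.getSource().name())",
                "name": "$enc.json($vuln.name)",
## Severity preference: the unscored severity if present, else the CVSS v3 base
## severity, else the CVSS v2 severity. No "severity" member is written when
## none of them is available.
                #if($vuln.UnscoredSeverity)"severity" : "$enc.json($vuln.unscoredSeverity)",
                #elseif($vuln.cvssV3 && $vuln.cvssV3.baseSeverity)
                    "severity" : "$enc.json($vuln.cvssV3.baseSeverity)",
                #elseif($vuln.cvssV2 && $vuln.cvssV2.severity)
                    "severity" : "$enc.json($vuln.cvssV2.severity)",
                #end
                #if($vuln.cvssV2)
## "authenticationr" and "confidentialImpact" are the key names this template
## emits. NOTE(review): they look like typos, but renaming them changes the
## report format that downstream parsers read, so they are kept unchanged.
## The score is written as a bare JSON number; assumes it always renders as a
## numeric value - TODO confirm.
                    "cvssv2": {
                        "score": $vuln.cvssV2.score,
                        "accessVector": "$enc.json($vuln.cvssV2.accessVector)",
                        "accessComplexity": "$enc.json($vuln.cvssV2.accessComplexity)",
                        "authenticationr": "$enc.json($vuln.cvssV2.authentication)",
                        "confidentialImpact": "$enc.json($vuln.cvssV2.confidentialityImpact)",
                        "integrityImpact": "$enc.json($vuln.cvssV2.integrityImpact)",
                        "availabilityImpact": "$enc.json($vuln.cvssV2.availabilityImpact)",
                        "severity": "$enc.json($vuln.cvssV2.severity)"
                    },
                #end
                #if($vuln.cvssV3)
                    "cvssv3": {
                        "baseScore": $vuln.cvssV3.baseScore,
                        "attackVector": "$enc.json($vuln.cvssV3.attackVector)",
                        "attackComplexity": "$enc.json($vuln.cvssV3.attackComplexity)",
                        "privilegesRequired": "$enc.json($vuln.cvssV3.privilegesRequired)",
                        "userInteraction": "$enc.json($vuln.cvssV3.userInteraction)",
                        "scope": "$enc.json($vuln.cvssV3.scope)",
                        "confidentialityImpact": "$enc.json($vuln.cvssV3.confidentialityImpact)",
                        "integrityImpact": "$enc.json($vuln.cvssV3.integrityImpact)",
                        "availabilityImpact": "$enc.json($vuln.cvssV3.availabilityImpact)",
                        "baseSeverity": "$enc.json($vuln.cvssV3.baseSeverity)"
                    },
                #end
## NOTE(review): the guard reads $vuln.cwe.cwes while the loop reads
## $vuln.cwes.entries; confirm that both references resolve, otherwise the
## guard may not suppress an empty "cwes" array.
                #if (!$vuln.cwe.cwes.isEmpty())
                    "cwes": [
                    #foreach($cweEntry in $vuln.cwes.entries)
                        #if($foreach.count > 1),#end
                        "$enc.json($cweEntry)"
                    #end
                    ],
                #end
                "description": "$enc.json($vuln.description)",
                "notes": "#if ($vuln.notes)$enc.json($vuln.notes)#end",
                "references": [
                    #foreach($ref in $vuln.getReferences())
                        #if($foreach.count > 1),#end {
                        "source": "$enc.json($ref.source)",
                        #if ($ref.url)"url": "$enc.json($ref.url)",#end
                        "name": "$enc.json($ref.name)"
                    }#end
                ],
                "vulnerableSoftware": [
                    #foreach($vs in $vuln.getVulnerableSoftware())
                        #if($foreach.count > 1),#end {
                        "software": {
                            "id":"$enc.json($vs.toCpe23FS())"
## "vulnerabilityIdMatched" marks the entry equal to the vulnerability's
## matchedVulnerableSoftware; it and "vulnerable" are written as JSON strings,
## not JSON booleans.
                            #if($vs == $vuln.matchedVulnerableSoftware),"vulnerabilityIdMatched":"true"#end
                            #if($vs.versionStartIncluding),"versionStartIncluding":"$enc.json($vs.versionStartIncluding)"#end
                            #if($vs.versionStartExcluding),"versionStartExcluding":"$enc.json($vs.versionStartExcluding)"#end
                            #if($vs.versionEndIncluding),"versionEndIncluding":"$enc.json($vs.versionEndIncluding)"#end
                            #if($vs.versionEndExcluding),"versionEndExcluding":"$enc.json($vs.versionEndExcluding)"#end
                            #if(!$vs.vulnerable),"vulnerable":"$vs.vulnerable"#end
                        }
                    }#end
                ]
                }#end
            ]#end
## Suppressed vulnerabilities use the same layout as "vulnerabilities" above,
## except that no top-level "severity" member is written. The guard previously
## repeated the same size() test on both sides of ||; one test is equivalent.
            #if($dependency.getSuppressedVulnerabilities().size()>0)
            ,"suppressedVulnerabilities": [
                #foreach($vuln in $dependency.getSuppressedVulnerabilities(true))#if($foreach.count > 1),#end {
                "source": "$enc.json($vuln.getSource().name())",
                "name": "$enc.json($vuln.name)",
                #if($vuln.cvssV2)
## Key names "authenticationr" and "confidentialImpact" are kept exactly as
## emitted for active vulnerabilities so both lists share one format.
                    "cvssv2": {
                        "score": $vuln.cvssV2.score,
                        "accessVector": "$enc.json($vuln.cvssV2.accessVector)",
                        "accessComplexity": "$enc.json($vuln.cvssV2.accessComplexity)",
                        "authenticationr": "$enc.json($vuln.cvssV2.authentication)",
                        "confidentialImpact": "$enc.json($vuln.cvssV2.confidentialityImpact)",
                        "integrityImpact": "$enc.json($vuln.cvssV2.integrityImpact)",
                        "availabilityImpact": "$enc.json($vuln.cvssV2.availabilityImpact)",
                        "severity": "$enc.json($vuln.cvssV2.severity)"
                    },
                #end
                #if($vuln.cvssV3)
                    "cvssv3": {
                        "baseScore": $vuln.cvssV3.baseScore,
                        "attackVector": "$enc.json($vuln.cvssV3.attackVector)",
                        "attackComplexity": "$enc.json($vuln.cvssV3.attackComplexity)",
                        "privilegesRequired": "$enc.json($vuln.cvssV3.privilegesRequired)",
                        "userInteraction": "$enc.json($vuln.cvssV3.userInteraction)",
                        "scope": "$enc.json($vuln.cvssV3.scope)",
                        "confidentialityImpact": "$enc.json($vuln.cvssV3.confidentialityImpact)",
                        "integrityImpact": "$enc.json($vuln.cvssV3.integrityImpact)",
                        "availabilityImpact": "$enc.json($vuln.cvssV3.availabilityImpact)",
                        "baseSeverity": "$enc.json($vuln.cvssV3.baseSeverity)"
                    },
                #end
## NOTE(review): same guard/loop mismatch as in "vulnerabilities"
## ($vuln.cwe.cwes versus $vuln.cwes.entries) - confirm.
                #if (!$vuln.cwe.cwes.isEmpty())
                    "cwes": [
                    #foreach($cweEntry in $vuln.cwes.entries)
                        #if($foreach.count > 1),#end
                        "$enc.json($cweEntry)"
                    #end
                    ],
                #end
                "description": "$enc.json($vuln.description)",
                "notes": "#if ($vuln.notes)$enc.json($vuln.notes)#end",
                "references": [
                    #foreach($ref in $vuln.getReferences())
                        #if($foreach.count > 1),#end {
                        "source": "$enc.json($ref.source)",
                        #if ($ref.url)"url": "$enc.json($ref.url)",#end
                        "name": "$enc.json($ref.name)"
                    }#end
                ],
                "vulnerableSoftware": [
                    #foreach($vs in $vuln.getVulnerableSoftware())
                        #if($foreach.count > 1),#end {
                        "software": {
                            "id":"$enc.json($vs.toCpe23FS())"
                            #if($vs == $vuln.matchedVulnerableSoftware),"vulnerabilityIdMatched":"true"#end
                            #if($vs.versionStartIncluding),"versionStartIncluding":"$enc.json($vs.versionStartIncluding)"#end
                            #if($vs.versionStartExcluding),"versionStartExcluding":"$enc.json($vs.versionStartExcluding)"#end
                            #if($vs.versionEndIncluding),"versionEndIncluding":"$enc.json($vs.versionEndIncluding)"#end
                            #if($vs.versionEndExcluding),"versionEndExcluding":"$enc.json($vs.versionEndExcluding)"#end
                            #if(!$vs.vulnerable),"vulnerable":"$vs.vulnerable"#end
                        }
                    }#end
                ]
                }#end
            ]#end
        }#end
    ]
}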



