Gitlab format report has invalid syntax for dependencies #6593
Comments
A quick look into the template makes me expect your 'specific circumstances' is having a dependency that didn't get its name property set (or got it set to a falsy value (in the evaluation of the templating engine)).

We would also need more than just "It's broken - please fix". Do you have a project that can reproduce the issue?
I have encountered the problem as well with version 9.1.0 as described by @david-eyeee. The object

    {
      "dependency_files": [
        {
          "path": "pom.xml",
          "package_manager": "maven",
          "dependencies": [
            {
              "package": {
                "name": "commons-collections:commons-collections"
              },
              "version": "3.2.2"
            },
          ]
        }
      ],
      "remediations": []
    }

These packages are wrapped inside its own object and listed under The error is located on the last object inside of

When looking at the template file [1], I would assume that there is another entry in

[1] https://github.com/jeremylong/DependencyCheck/blob/main/core/src/main/resources/templates/gitlabReport.vsl
Attached is a sample project that contains the files that generate the error. This is the command we use to execute the check

Thanks.
Describe the bug
Under certain circumstances, the dependency-check-gitlab.json file has invalid syntax. Specifically, there is a trailing comma after the last package entry in the dependencies section of dependency_files. The dependency-check.json file does not have this issue. This is the section with the trailing comma:
    {
      "dependencies": [
        {"package": {"name": "ComponentSpace.SAML2"}, "version": "2.6.0.17"},
        {"package": {"name": "select2"}, "version": "3.4.3"},
        {"package": {"name": "select2"}, "version": "3.4.0"},
      ]
    }
Version of dependency-check used
The problem occurs using version 9.1.0 of the docker image - owasp/dependency-check:9.1.0
Log file
To Reproduce
Expected behavior
dependency-check-gitlab.json should have valid syntax.
Additional context
I realize this bug report is missing lots of detail. This is a work account so unfortunately I cannot provide log files or the contents of the project that produced this error. However, I may be able to answer specific questions if you choose to pursue this issue. Thanks.
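As an added example (not code from the DependencyCheck project): a small Python check that a CI step could run against the generated dependency-check-gitlab.json to detect the trailing-comma defect described in this report and, as a stopgap until the template is fixed, strip only those commas before parsing. The sample report below is constructed to mirror the shape reported above.

```python
import json

# Constructed sample (not from the issue) reproducing the reported defect:
# a trailing comma after the last entry of "dependencies".
BROKEN_REPORT = """{
  "dependency_files": [{
    "path": "pom.xml", "package_manager": "maven",
    "dependencies": [
      {"package": {"name": "commons-collections:commons-collections"}, "version": "3.2.2"},
    ]
  }],
  "remediations": []
}"""


def find_trailing_commas(text):
    """Offsets of every ',' followed (ignoring whitespace) by ']' or '}'
    outside string literals. JSON forbids these, so each one is a defect."""
    hits, pending = [], None
    in_string = escaped = False
    for i, ch in enumerate(text):
        if in_string:  # skip string contents, honouring backslash escapes
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string, pending = True, None
        elif ch == ",":
            pending = i  # remember; decide when the next non-space char arrives
        elif ch in "]}":
            if pending is not None:
                hits.append(pending)
            pending = None
        elif not ch.isspace():
            pending = None
    return hits


def load_gitlab_report(text):
    """Parse a dependency-check-gitlab.json body, stripping trailing commas
    first. Returns (report dict, offsets removed); any other syntax error
    still raises json.JSONDecodeError."""
    bad = find_trailing_commas(text)
    drop = set(bad)
    fixed = "".join(ch for i, ch in enumerate(text) if i not in drop)
    return json.loads(fixed), bad
```

A non-empty second return value means the report was malformed as written, which is worth failing or flagging in the pipeline rather than silently accepting.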