Generate Scorecard to include the New XML Format post 10.x release of AppScan Standard #157
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shivababuh
commented
Sep 8, 2021
- New XML Format post 10.x release
* New XML Format post 10.x release * take care of xpath issues
|
Can you send me a copy of a new results file so I can test myself? If you happen to have an older format results file too, that would be great as I'd like to verify it still works with the old format and the new. You can email to [email protected] (likely have to send me a dropbox link or something). Thanks for your contribution! |
davewichers
added a commit
that referenced
this pull request
Sep 14, 2021
…nal changes by me, including running spotless properly.
|
@shivababuh - I pushed the equivalent of your changes directly to master. I rearranged the case statement a bit, but didn't change any logic. Can you test to verify this is equivalent to what was in your pull request? If so, can you close this pull request? |
|
Thanks, Working as expected. |
shivababuh
added a commit
to shivababuh/Benchmark
that referenced
this pull request
Dec 15, 2021
* XSS Scenarios * xss mods * review comments incorporated * scripts to create several SAST reports * Update AppScanDynamicReader2.java per pull request OWASP-Benchmark#157, with additional changes by me, including running spotless properly. * Update codeql-analysis.yml CodeQL auto build is failing with a "Picked up JAVA_TOOL_OPTIONS:..." message, so let's try a plain old Maven build. * Update codeql-analysis.yml Ensure that the CodeQL workflow checks out enough git history to support the spotless ratchetFrom test in the Maven build. * Update README.md Trivial grammar fix. * Renamed Intermediate class & removed the commented out code * change horusec to docker * prevent installation outputs * insider - check for availability and updates * use docker instead of calling semgrep directly * require docker * fix typo * Upgrade a bunch of dependencies and remove a few unused ones. * fix insider installation check 🙈 * execute bit for docker script * more preconditions checks * store sonarqube credentials in seperate file * prevent adding of sonarqube credentials * docker cleanup * Revert "docker cleanup" This reverts commit 70e7c48. * docker cleanup * Add dependency used by a script. Minor tweaks to a few scripts. * A few minor fixes to the other IAST run scripts. * This is a MAJOR change. This commit rips out all the utilities included with Benchmark to score it, run crawlers on it, etc. Those utilities are now in a seperate project called BenchmarkUtils. BenchmarkUtils produces a maven plugin that is now used by all the scoring and crawling scripts updated in this commit. You have to clone BenchmarkUtils, then run: mvn install, to get the plugin (which is built and installed locally). * Proxy Settings added to OWASP Benchmark Crawler to enable different hosts (#1) * Simplify configuration of 2 config files. Minor updates to a number of test cases. * Updated the Dockerfile to reflect the repo change to BenchmarkJava * Fix utility method so more 'standard' headers are filtered out when trying to identify the custom header for test cases that use that. * Intermediate file is deleted Co-authored-by: user <[email protected]> Co-authored-by: gituser <[email protected]> Co-authored-by: kaveti.l <[email protected]> Co-authored-by: Sascha Knoop <[email protected]> Co-authored-by: Dave Wichers <[email protected]> Co-authored-by: dandersonaspect <[email protected]> Co-authored-by: Arun Muthu <[email protected]> Co-authored-by: Arun Muthu <[email protected]> Co-authored-by: shivababuh <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.