<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Sun Feb 11 23:41:20 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[BUILD-373] Implement OWASP Dependency Check for selected webapps</title>
                <link>https://jira.magnolia-cms.com/browse/BUILD-373</link>
                <project id="10330" key="BUILD">Build</project>
                    <description>&lt;ol&gt;
	&lt;li&gt;implement suppressions (false-positives), likely through plugin configuration in parent POMs&lt;/li&gt;
	&lt;li&gt;provide a default &lt;tt&gt;suppressionFile&lt;/tt&gt; in build-resources module&lt;/li&gt;
	&lt;li&gt;&lt;em&gt;also&lt;/em&gt; configure a project-specific location, so that projects can add more suppressions, without requiring parent pom re-release&lt;/li&gt;
	&lt;li&gt;let&apos;s not bind the &lt;tt&gt;check&lt;/tt&gt; goal to any phase yet&lt;/li&gt;
	&lt;li&gt;for local run: &lt;tt&gt;mvn dependency-check:check&lt;/tt&gt;, typically mostly relevant in webapps&lt;/li&gt;
	&lt;li&gt;for CI runs: add a separate pipeline step to &lt;tt&gt;magnoliaPacksPipeline&lt;/tt&gt; I believe, invoking the mvn command above&lt;/li&gt;
	&lt;li&gt;add a report configuration for site-generation, using the &lt;tt&gt;aggregate&lt;/tt&gt; goal on module parent (nice to have)&lt;/li&gt;
	&lt;li&gt;estimate load on CI from vulnerability database updates&lt;/li&gt;
&lt;/ol&gt;


&lt;p&gt;Initial research goal (fulfilled): estimate initial effort to discard false positives such as the one mentioned on the &lt;a href=&quot;https://wiki.magnolia-cms.com/display/DEV/CVE+scans+for+3rd-party+libs&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;CVE scans research log&lt;/a&gt;.&lt;br/&gt;
=&amp;gt; suppressions may not be &lt;em&gt;that&lt;/em&gt; hard, and upon second look amount of false-positives seems manageable.&lt;/p&gt;</description>
                <environment></environment>
        <key id="79208">BUILD-373</key>
            <summary>Implement OWASP Dependency Check for selected webapps</summary>
                <type id="3" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10898&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/major.svg">Major</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="1">Fixed</resolution>
                                        <assignee username="dai.ha">Dai Ha</assignee>
                                    <reporter username="mgeljic">Mika&#235;l Gelji&#263;</reporter>
                        <labels>
                    </labels>
                <created>Thu, 5 Sep 2019 13:27:21 +0200</created>
                <updated>Mon, 1 Nov 2021 14:35:33 +0100</updated>
                            <resolved>Tue, 24 Mar 2020 08:23:09 +0100</resolved>
                                                    <fixVersion>Build Resources 1.6.8</fixVersion>
                    <fixVersion>POMs 38</fixVersion>
                                    <component>Poms</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                    <progress percentage="100">
                                    <originalProgress>
                                                    <row percentage="0" backgroundColor="#89afd7"/>
                                                    <row percentage="100" backgroundColor="transparent"/>
                                            </originalProgress>
                                                    <currentProgress>
                                                    <row percentage="100" backgroundColor="#51a825"/>
                                                    <row percentage="0" backgroundColor="#ec8e00"/>
                                            </currentProgress>
                            </progress>
                                    <aggregateprogress percentage="100">
                                    <originalProgress>
                                                    <row percentage="0" backgroundColor="#89afd7"/>
                                                    <row percentage="100" backgroundColor="transparent"/>
                                            </originalProgress>
                                                    <currentProgress>
                                                    <row percentage="100" backgroundColor="#51a825"/>
                                                    <row percentage="0" backgroundColor="#ec8e00"/>
                                            </currentProgress>
                            </aggregateprogress>
                                            <timeestimate seconds="0">0d</timeestimate>
                            <timespent seconds="144000">5d</timespent>
                                                        <aggregatetimeremainingestimate seconds="0">0d</aggregatetimeremainingestimate>
                                        <aggregatetimespent seconds="165600">5.75d</aggregatetimespent>
                                    <comments>
                            <comment id="209866" author="mgeljic" created="Fri, 14 Feb 2020 08:49:06 +0100"  >&lt;p&gt;attached a sample report to the wiki page&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10030">
                    <name>Cloners</name>
                                                                <inwardlinks description="is cloned by">
                                        <issuelink>
            <issuekey id="85072">MGNLEE-603</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10160">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="85054">MGNLEE-600</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10020">
                    <name>dependency</name>
                                                                <inwardlinks description="is depended upon by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10021">
                    <name>duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                            <subtask id="85034">BUILD-377</subtask>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>magnolia-cms.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10246" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>DEV-921</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>fgrilli</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            4 years, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>dai.ha</customfieldvalue>
            <customfieldvalue>mgeljic</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzzwtr:j3rc</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10245" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1124">6.2 Ramp-up 19</customfieldvalue>
    <customfieldvalue id="1131">6.2 Ramp-up 20</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10242" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>8.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_14167" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Task DoR</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>