Add support for the new OWASP Dependency Check version 8.0 and xsd version 3.1 #5251
Assignees
Labels
Source(s)
New, enhanced, or removed metric source
Comments
fniessink
added
Source(s)
|
It looks like the new version only adds some extra attributes, so I think Quality-time will work with the new DTD without code changes. I'll add the DTD version to the list of supported versions. 2c2
< <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dc="https://jeremylong.github.io/DependencyCheck/dependency-check.2.5.xsd" id="analysis" elementFormDefault="qualified" targetNamespace="https://jeremylong.github.io/DependencyCheck/dependency-check.2.5.xsd">
---
> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dc="https://jeremylong.github.io/DependencyCheck/dependency-check.3.1.xsd" id="analysis" elementFormDefault="qualified" targetNamespace="https://jeremylong.github.io/DependencyCheck/dependency-check.3.1.xsd">
145a146,157
> <xs:complexType name="knownExploitedVulnerability">
> <xs:sequence>
> <xs:element name="vendorProject" type="xs:string" minOccurs="0" maxOccurs="1"/>
> <xs:element name="product" type="xs:string" minOccurs="0" maxOccurs="1"/>
> <xs:element name="name" type="xs:string" minOccurs="0" maxOccurs="1"/>
> <xs:element name="dateAdded" type="xs:string" minOccurs="0" maxOccurs="1"/>
> <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
> <xs:element name="requiredAction" type="xs:string" minOccurs="0" maxOccurs="1"/>
> <xs:element name="dueDate" type="xs:string" minOccurs="0" maxOccurs="1"/>
> <xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/>
> </xs:sequence>
> </xs:complexType>
148a161
> <xs:element name="knownExploitedVulnerability" type="dc:knownExploitedVulnerability" minOccurs="0" maxOccurs="1"/>
190a204,218
> </xs:sequence>
> </xs:complexType>
> </xs:element>
> <xs:element name="includedBy" minOccurs="0" maxOccurs="1">
> <xs:complexType>
> <xs:sequence minOccurs="0" maxOccurs="unbounded">
> <xs:element name="reference" minOccurs="0" maxOccurs="unbounded">
> <xs:complexType>
> <xs:simpleContent>
> <xs:extension base="xs:string">
> <xs:attribute name="type" type="xs:string"/>
> </xs:extension>
> </xs:simpleContent>
> </xs:complexType>
> </xs:element> |
fniessink
added a commit
that referenced
this issue
Jan 18, 2023
fniessink
added a commit
that referenced
this issue
Jan 18, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The OWASP Dependency check is recently upgraded tot 8.0. The XSD also changed with this version. QT doesn't support this XSD version (yet).
Describe the solution you'd like
Support version: https://jeremylong.github.io/DependencyCheck/dependency-check.3.1.xsd with QT.
Additional context
AssertionError: The XML root element should be one of "['{https://jeremylong.github.io/DependencyCheck/dependency-check.2.0.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.1.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.2.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.3.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.4.xsd}analysis', '{https://jeremylong.github.io/DependencyCheck/dependency-check.2.5.xsd}analysis']" but is "{https://jeremylong.github.io/DependencyCheck/dependency-check.3.1.xsd}analysis"
The text was updated successfully, but these errors were encountered: