
Usage

The app provides you with two main features:

  • Dependency check results in your build summary (includes ability to create pre-filled Jira issues for follow-up)

  • Custom cross-plans Dependency Check Bamboo Report


Dependency check results in your build summary

The app provides you with an overview of the Dependency check result in your build summary including:

  • The Bamboo job name

  • A link to open the Dependency Check report (see section below)

  • The number of vulnerable dependencies

  • The number of vulnerabilities with a CVSS score exceeding the threshold defined in your Dependency Check configuration

  • An action to create Jira issues (see section below)

Dependency reports

You can open the OWASP dependency check report for each Bamboo job of the build by clicking on the report link.

The report will be displayed in a modal within the build summary screen.

Create pre-filled Jira issues

You can create Jira issues directly from the build summary screen by clicking on a Create Issue link in the Dependency Check section.

An issue will be created, pre-filled with the following:

| Field | Pre-filled content |
| --- | --- |
| Summary | Address Vulnerable Dependencies {number_of_vulnerable_dependency_above_config_CVSS_score} :{name_and_version_of_vulnerable_dependency} |
| Description | Reference of the vulnerable dependencies (name and version); link to the broken build |
| Reporter | If a Jira User has a name matching that of the Bamboo user creating the issue, this Jira User will be assigned. If not, no reviewer assigned |

As mentioned in the getting started page, you need to add Jira issue keys to your commit messages and integrate Bamboo with a Jira application in order to create pre-filled Jira issues.


Custom Dependency Check Bamboo Report

The app generates a custom report, available within Bamboo reports, called DepCheck Vulnerable Dependencies. This report shows the number of unique vulnerable dependencies exceeding the CVSS threshold defined in your Dependency Check configuration.

To access the report, navigate to Reports in the upper navbar and select DepCheck Vulnerable Dependencies within the dropdown of available reports.

You can then select the Build Plans to be displayed and the timeframe.
