The app provides you with two main features:
- Dependency Check results in your build summary (including the ability to create pre-filled Jira issues for follow-up)
- A custom cross-plan Dependency Check Bamboo report
Dependency check results in your build summary
The app provides you with an overview of the Dependency check result in your build summary including:
- The Bamboo job name
- A link to open the Dependency Check report (see section below)
- The number of vulnerable dependencies
- The number of vulnerabilities with a CVSS score exceeding the threshold defined in your Dependency Check configuration
- An action to create Jira issues (see section below)
You can open the OWASP dependency check report for each Bamboo job of the build by clicking on the report link.
The report will be displayed in a modal within the build summary screen.
Create pre-filled Jira issues
You can create Jira issues directly from the build summary screen by clicking on a Create Issue link in the Dependency Check section.
An issue will be created, pre-filled with the following:
- Summary: Address Vulnerable Dependencies
- A reference to the vulnerable dependencies (name and version)
- A link to the broken build
- If a Jira user has a name matching that of the Bamboo user creating the issue, that Jira user is set as the assignee; otherwise the issue is left unassigned
As mentioned in the getting started page, you need to add Jira issue keys to your commit messages and integrate Bamboo with a Jira application in order to create pre-filled Jira issues.
Custom Dependency Check Bamboo Report
The app generates a custom report, available within Bamboo reports, called DepCheck Vulnerable Dependencies. This report shows the number of unique vulnerable dependencies exceeding the CVSS threshold defined in your Dependency Check configuration.
To access the report, navigate to Reports in the upper navbar and select DepCheck Vulnerable Dependencies within the dropdown of available reports.
You can then select the Build Plans to be displayed and the timeframe.
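The figures the build summary and the custom report display (vulnerable dependencies, vulnerabilities above the CVSS threshold, unique dependencies above it) can be derived directly from a Dependency Check JSON report. The following is an added example, not the app's own code; it assumes the Dependency-Check JSON report layout (a dependencies list whose entries carry a vulnerabilities list with cvssv3.baseScore and/or cvssv2.score), and the sample report it parses is constructed for the example.

```python
import json

# Constructed sample in the layout of a Dependency-Check JSON report (only the
# fields this example reads are included; names and scores are made up).
CONSTRUCTED_REPORT = json.dumps({"dependencies": [
    {"fileName": "log4j-core-2.14.1.jar", "vulnerabilities": [
        {"name": "VULN-A", "cvssv3": {"baseScore": 10.0}},
        {"name": "VULN-B", "cvssv3": {"baseScore": 4.3}, "cvssv2": {"score": 7.5}}]},
    {"fileName": "commons-text-1.9.jar", "vulnerabilities": [
        {"name": "VULN-C", "cvssv3": {"baseScore": 9.8}}]},
    {"fileName": "guava-31.1-jre.jar"},
    {"fileName": "jackson-databind-2.13.0.jar", "vulnerabilities": [
        {"name": "VULN-D", "cvssv3": {"baseScore": 6.5}}]},
]})


def vulnerability_score(vuln):
    """Score compared against the threshold: the higher of CVSSv3 baseScore and
    CVSSv2 score when both are present, 0.0 when a finding carries neither."""
    scores = [(vuln.get("cvssv3") or {}).get("baseScore"),
              (vuln.get("cvssv2") or {}).get("score")]
    return max((s for s in scores if s is not None), default=0.0)


def summarize(report_json, threshold):
    """Return the counts shown in the build summary and the custom report,
    plus the dependency names a pre-filled Jira issue would reference.
    The comparison is inclusive (score >= threshold), matching
    Dependency-Check's own fail-on-CVSS behaviour."""
    report = json.loads(report_json)
    vulnerable_deps = set()      # dependencies with any finding at all
    deps_over_threshold = set()  # dependencies with a finding at/above threshold
    vulns_over_threshold = 0     # findings at/above threshold, not de-duplicated
    for dep in report.get("dependencies", []):
        findings = dep.get("vulnerabilities") or []
        if not findings:
            continue
        vulnerable_deps.add(dep["fileName"])
        for vuln in findings:
            if vulnerability_score(vuln) >= threshold:
                vulns_over_threshold += 1
                deps_over_threshold.add(dep["fileName"])
    return {
        "vulnerable_dependencies": len(vulnerable_deps),
        "vulnerabilities_over_threshold": vulns_over_threshold,
        "unique_dependencies_over_threshold": len(deps_over_threshold),
        "dependencies_to_reference": sorted(deps_over_threshold),
    }


if __name__ == "__main__":
    print(summarize(CONSTRUCTED_REPORT, threshold=7.0))
```

With the sample report and a threshold of 7.0, jackson-databind counts as vulnerable but not as exceeding the threshold, which is why the two dependency counts differ.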