Add date bounds to OWASP suppressions

org.openrewrite.xml.security.AddOwaspDateBoundSuppressions

Adds an expiration date to all OWASP suppressions in order to ensure that they are periodically reviewed. For use with the OWASP dependency-check tool. More details: https://jeremylong.github.io/DependencyCheck/general/suppression.html.

Recipe source

GitHub, Issue Tracker, Maven Central

groupId: org.openrewrite
artifactId: rewrite-xml
version: 8.24.0

Options

Type

Name

Description

Example

Usage

This recipe has no required configuration parameters and comes from a rewrite core library. It can be activated directly without adding any dependencies.

Add the following to your build.gradle file:

build.gradle

plugins {
    id("org.openrewrite.rewrite") version("6.12.0")
}

rewrite {
    activeRecipe("org.openrewrite.xml.security.AddOwaspDateBoundSuppressions")
}

repositories {
    mavenCentral()
}

Run gradle rewriteRun to run the recipe.

Create a file named init.gradle in the root of your project.

init.gradle

initscript {
    repositories {
        maven { url "https://plugins.gradle.org/m2" }
    }
    dependencies { classpath("org.openrewrite:plugin:latest.release") }
}
rootProject {
    plugins.apply(org.openrewrite.gradle.RewritePlugin)
    dependencies {
        rewrite("org.openrewrite:rewrite-java")
    }
    rewrite {
        activeRecipe("org.openrewrite.xml.security.AddOwaspDateBoundSuppressions")
    }
    afterEvaluate {
        if (repositories.isEmpty()) {
            repositories {
                mavenCentral()
            }
        }
    }
}

Run gradle --init-script init.gradle rewriteRun to run the recipe.

Add the following to your pom.xml file:

pom.xml

<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.29.0</version>
        <configuration>
          <activeRecipes>
            <recipe>org.openrewrite.xml.security.AddOwaspDateBoundSuppressions</recipe>
          </activeRecipes>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>

Run mvn rewrite:run to run the recipe.

You will need to have Maven installed on your machine before you can run the following command.

shell

mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.activeRecipes=org.openrewrite.xml.security.AddOwaspDateBoundSuppressions

You will need to have configured the Moderne CLI on your machine before you can run the following command.

shell

mod run . --recipe AddOwaspDateBoundSuppressions

See how this recipe works across multiple open-source repositories

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

Contributors

Kevin McCarpenter™️, Jonathan Schnéider, Jonathan Leitschuh, Patrick, Tim te Beek

PreviousSecurity NextFind OWASP vulnerability suppression XML files

Last updated 1 day ago