Comment on page

Update OWASP suppression date bounds

org.openrewrite.xml.security.UpdateOwaspSuppressionDate
Updates the expiration date for OWASP suppressions having a matching cve tag. For use with the OWASP dependency-check tool. More details: https://jeremylong.github.io/DependencyCheck/general/suppression.html.
Recipe source
​GitHub, Issue Tracker, Maven Central​
groupId: org.openrewrite
artifactId: rewrite-xml
version: 8.9.5
Options
Type
Name
Description
List
cveList
Update suppressions having any of the specified CVE tags.
String
untilDate
Optional. Optional. The date to add to the suppression. Default will be 30 days from today.
Usage
This recipe has required configuration parameters. Recipes with required configuration parameters cannot be activated directly. To activate this recipe you must create a new recipe which fills in the required parameters. In your rewrite.yml create a new recipe with a unique name. For example: com.yourorg.UpdateOwaspSuppressionDateExample. Here's how you can define and customize such a recipe within your rewrite.yml:
rewrite.yml
---
type: specs.openrewrite.org/v1beta/recipe
name: com.yourorg.UpdateOwaspSuppressionDateExample
displayName: Update OWASP suppression date bounds example
recipeList:
  - org.openrewrite.xml.security.UpdateOwaspSuppressionDate:
      cveList: CVE-2022-1234
      untilDate: 2023-01-01
Now that com.yourorg.UpdateOwaspSuppressionDateExample has been defined activate it in your build file:
Gradle
Maven
Moderne CLI
1.Add the following to your build.gradle file:
build.gradle
plugins {
    id("org.openrewrite.rewrite") version("6.5.6")
}
​
rewrite {
    activeRecipe("com.yourorg.UpdateOwaspSuppressionDateExample")
}
​
repositories {
    mavenCentral()
}
2.Run gradle rewriteRun to run the recipe.
1.Add the following to your pom.xml file:
pom.xml
<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.13.0</version>
        <configuration>
          <activeRecipes>
            <recipe>com.yourorg.UpdateOwaspSuppressionDateExample</recipe>
          </activeRecipes>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
2.Run mvn rewrite:run to run the recipe.
You will need to have configured the Moderne CLI on your machine before you can run the following command.
shell
mod run . --recipe UpdateOwaspSuppressionDate
See how this recipe works across multiple open-source repositories
​​
​​
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.
Contributors
Patrick Way, Jonathan Schnéider, Patrick, Jonathan Leitschuh​

Type	Name	Description
`List`	cveList	Update suppressions having any of the specified CVE tags.
`String`	untilDate	Optional. Optional. The date to add to the suppression. Default will be 30 days from today.

Remove out-of-date OWASP suppressions

LaunchDarkly

Last modified 9d ago