
Fix example vulnerable method for Gradle

Veracode SCA supports vulnerable method analysis for the Gradle, Maven, and Ant package managers.

These example steps show how to fix an Information Disclosure vulnerable method in the jBCrypt library in the example-java-gradle repository.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.

  2. Click the Agent-Based Scan tab.

  3. Select your workspace.

  4. Click Projects.

  5. Click the srcclr/example-java-gradle project.

  6. Click Information Disclosure Of Password Hashes Through Crypt_raw in the Vulnerabilities table.

    The Vulnerable Methods section shows that the crypt_raw method is the vulnerable part of the library.

  7. To address the identified vulnerable method, do one of these tasks:

    • Change your code so that it achieves the same result without calling this method.
    • Follow the provided instructions to update the library to a safe version.

  8. Validate the fix.