Fix Example Vulnerable Method for Gradle
Veracode SCA supports vulnerable method analysis for the Gradle, Maven, and Ant package managers.
These example steps provide a fix for a Information Disclosure vulnerable method in the jBCrypt library in the example-java-gradle repository.
To complete this task:
In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
Click the Agent-Based Scan tab.
Select your workspace.
Click Projects.
Click the srcclr/example-java-gradle project.
Click Information Disclosure Of Password Hashes Through Crypt_raw in the Vulnerabilities table.
The Vulnerable Methods section shows that the
crypt_raw
method is the vulnerable part of the library.To address the identified vulnerable method, do one of these tasks:
- Change your code to perform in the same manner without relying on this particular method.
- Follow the provided instructions to update the library to a safe version.