diff --git a/ADOPTERS.md b/ADOPTERS.md
index 5b94b540d2..85988052c7 100644
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -20,7 +20,7 @@ pre-production (in alphabetical order):
 | [Apex Fintech Solutions] | [@spawar-apex] | Apex Fintech Solutions has integrated OWASP Dependency-Track into their CI/CD pipeline as part of the DevSecOps program. This integration allows for the upload of SBOMs (Software Bill of Materials) to the platform for comprehensive component analysis and a detailed understanding of the software inventory used in software applications. By analyzing the components in our monorepo, we enhance our vulnerability management program and gain valuable insights into transitive dependencies, which traditional SCA (Software Composition Analysis) tools often overlook. |
 | [Dutch Tax Office - Belastingdienst] | [@SudoHenk] | Dutch Tax Office has integrated OWASP Dependency-Track into their development processes as part of the DevSecOps program. We integrate Dependency-Track with various platforms and programming languages to gain vulnerability insights in our internally developed software. We want to thank all contributors of Dependency-Track creating a resilient and extensible SCA tool. Especially the API is a huge asset to integrate within the current organization processes. |
-If you have adopted OWASP Depenency Track and would like to be included in this list,
+If you have adopted OWASP Dependency Track and would like to be included in this list,
 feel free to submit a PR updating this file or [open an issue](https://github.com/).
diff --git a/docs/_docs/analysis-types/known-vulnerabilities.md b/docs/_docs/analysis-types/known-vulnerabilities.md
index 811ce5960f..25b5a38d1d 100644
--- a/docs/_docs/analysis-types/known-vulnerabilities.md
+++ b/docs/_docs/analysis-types/known-vulnerabilities.md
@@ -74,7 +74,7 @@ Snyk REST API version is updated every 6 months and can be referred at ### Trivy Analyzer Trivy analyzer relies on a server trivy instance to perform the analysis using REST API. -Trivy REST API is not publically documented so upgrading to a new version might lead to some issues. +Trivy REST API is not publicly documented so upgrading to a new version might lead to some issues. ### Analysis Result Cache diff --git a/docs/_docs/integrations/threadfix.md b/docs/_docs/integrations/threadfix.md index 040968aa09..3f44d0fd31 100644 --- a/docs/_docs/integrations/threadfix.md +++ b/docs/_docs/integrations/threadfix.md @@ -5,7 +5,7 @@ chapter: 6 order: 9 --- -ThreadFix includes a *remote provider* for Dependency-Track which provides seemless and automatic integration. +ThreadFix includes a *remote provider* for Dependency-Track which provides seamless and automatic integration. Vulnerabilities on a per-project basis in Dependency-Track are mapped to corresponding applications in ThreadFix along with details of every vulnerability. diff --git a/docs/_docs/terminology.md b/docs/_docs/terminology.md index 2b79c048e1..c06201ba50 100644 --- a/docs/_docs/terminology.md +++ b/docs/_docs/terminology.md @@ -61,7 +61,7 @@ An internally managed user that has the ability to login to Dependency-Track. ### Package URL (PURL) PURL or Package URL is a lightweight specification that standardizes the ability to reliably identify and locate software packages. PURL is a URI string used to identify and locate a software package in a mostly universal and -uniform way across programing languages, package managers, packaging conventions, tools, APIs and databases. +uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases. See: ### Portfolio 
diff --git a/src/main/java/org/dependencytrack/persistence/ComponentQueryManager.java b/src/main/java/org/dependencytrack/persistence/ComponentQueryManager.java
index 39ef61858f..30e0424170 100644
--- a/src/main/java/org/dependencytrack/persistence/ComponentQueryManager.java
+++ b/src/main/java/org/dependencytrack/persistence/ComponentQueryManager.java
@@ -433,7 +433,7 @@ protected void deleteComponents(Project project) {
 }
 /**
- * Deletes a Component and all objects dependant on the component.
+ * Deletes a Component and all objects dependent on the component.
 * @param component the Component to delete
 * @param commitIndex specifies if the search index should be committed (an expensive operation)
 */
diff --git a/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java b/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java
index aabbaf291a..6e8f282898 100644
--- a/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java
+++ b/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java
@@ -776,7 +776,7 @@ public Project clone(
 clonedComponent.setProperties(clonedProperties);
 }
- // Add vulnerabilties and finding attribution from the source component to the cloned component
+ // Add vulnerabilities and finding attribution from the source component to the cloned component
 for (Vulnerability vuln : sourceComponent.getVulnerabilities()) {
 final FindingAttribution sourceAttribution = this.getFindingAttribution(vuln, sourceComponent);
 this.addVulnerability(vuln, clonedComponent, sourceAttribution.getAnalyzerIdentity(), sourceAttribution.getAlternateIdentifier(), sourceAttribution.getReferenceUrl(), sourceAttribution.getAttributedOn());
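Review bot: The vulnerability-copy loop in `clone` dereferences `sourceAttribution` four times on the last line of the ProjectQueryManager hunk without checking it, so a `null` return from `getFindingAttribution` (its Javadoc elsewhere in this diff does not promise a non-null result) would abort the clone with a NullPointerException part-way through the component list. If a vulnerability can be attached to a component without an attribution record — for example one added by hand rather than by an analyzer — a guard such as `if (sourceAttribution == null) { continue; }` is the minimal fix, though whether to skip the finding or copy it without provenance is a product decision that deserves a comment on that line. Please also confirm that `clone` runs inside one transaction; otherwise a failure here would leave a half-copied project behind. `clone` starts before and continues after this hunk.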
@@ -943,7 +943,7 @@ private static Set parseDirectDependenciesUuids(
 }
 /**
- * Deletes a Project and all objects dependant on the project.
+ * Deletes a Project and all objects dependent on the project.
 * @param project the Project to delete
 * @param commitIndex specifies if the search index should be committed (an expensive operation)
 */
diff --git a/src/main/java/org/dependencytrack/persistence/ServiceComponentQueryManager.java b/src/main/java/org/dependencytrack/persistence/ServiceComponentQueryManager.java
index cdca62409d..cbea133f7e 100644
--- a/src/main/java/org/dependencytrack/persistence/ServiceComponentQueryManager.java
+++ b/src/main/java/org/dependencytrack/persistence/ServiceComponentQueryManager.java
@@ -219,7 +219,7 @@ public boolean hasServiceComponents(final Project project) {
 }
 /**
- * Deletes a ServiceComponent and all objects dependant on the service.
+ * Deletes a ServiceComponent and all objects dependent on the service.
 * @param service the ServiceComponent to delete
 * @param commitIndex specifies if the search index should be committed (an expensive operation)
 */
diff --git a/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java b/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java
index 083db0a96b..7cb8d9a29b 100644
--- a/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java
+++ b/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java
@@ -268,7 +268,7 @@ public void addVulnerability(Vulnerability vulnerability, Component component, A
 /**
 * Removes a vulnerability from a component.
- * @param vulnerability the vulnerabillity to remove
+ * @param vulnerability the vulnerability to remove
 * @param component the component unaffected by the vulnerabiity
 */
 public void removeVulnerability(Vulnerability vulnerability, Component component) {
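Review bot: The context line directly below the corrected one in the VulnerabilityQueryManager hunk still reads `@param component the component unaffected by the vulnerabiity`, so this Javadoc keeps the very misspelling the commit is fixing one line up. While editing it, "unaffected by" is also a misleading description of the argument to a method that removes a vulnerability; `@param component the component to detach the vulnerability from` matches the summary line `Removes a vulnerability from a component.` Since this is a repo-wide spelling sweep, a grep for `vulnerabi` would catch remaining variants. The body of `removeVulnerability` lies outside the hunk.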
@@ -286,7 +286,7 @@ public void removeVulnerability(Vulnerability vulnerability, Component component
 /**
 * Returns a FindingAttribution object form a given vulnerability and component.
- * @param vulnerability the vulnerabillity of the finding attribution
+ * @param vulnerability the vulnerability of the finding attribution
 * @param component the component of the finding attribution
 * @return a FindingAttribution object
 */
diff --git a/src/main/java/org/dependencytrack/policy/CoordinatesPolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/CoordinatesPolicyEvaluator.java
index d1d019ac0f..236e7fb4ed 100644
--- a/src/main/java/org/dependencytrack/policy/CoordinatesPolicyEvaluator.java
+++ b/src/main/java/org/dependencytrack/policy/CoordinatesPolicyEvaluator.java
@@ -149,7 +149,7 @@ private boolean versionMatches(final String conditionValue, final String part) {
 * }
 *
 *
- * @param condition teh condition to evaluate
+ * @param condition the condition to evaluate
 * @return the Coordinates
 */
 private Coordinates parseCoordinatesDefinition(final PolicyCondition condition) {
diff --git a/src/main/java/org/dependencytrack/policy/LicenseGroupPolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/LicenseGroupPolicyEvaluator.java
index f405c2af01..c5c4accecd 100644
--- a/src/main/java/org/dependencytrack/policy/LicenseGroupPolicyEvaluator.java
+++ b/src/main/java/org/dependencytrack/policy/LicenseGroupPolicyEvaluator.java
@@ -44,7 +44,7 @@ public class LicenseGroupPolicyEvaluator extends AbstractPolicyEvaluator {
 /**
 * A license group that does not exist in the database and is therefore verified based on its
- * licenses list directly instad of a database check
+ * licenses list directly instead of a database check
 */
 private static class TemporaryLicenseGroup extends LicenseGroup {
 private static final long serialVersionUID = -1268650463377651000L;
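Review bot: The summary line of the `getFindingAttribution` Javadoc still says `Returns a FindingAttribution object form a given vulnerability and component`; `form` should be `from`, and the hunk only corrects the `@param` tag below it. The `@return` tag is also the right place to state what happens when no attribution is recorded for the pair, because `clone` in ProjectQueryManager (elsewhere in this diff) dereferences the result without a null check — either `@return the FindingAttribution, or null if none is recorded for the pair` or an explicit never-null promise would let callers reason about it. The method body is outside the hunk, so I cannot tell which is true from here.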
diff --git a/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java
index f1c1c2abc5..c183835695 100644
--- a/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java
+++ b/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java
@@ -37,7 +37,7 @@
 * Evaluates the {@link VersionDistance} between a {@link Component}'s current and it's latest
 * version against a {@link Policy}. This makes it possible to add a policy for checking outdated
 * components. The policy "greater than 0:1.?.?" for example means, a difference of only one
- * between the curren version's major number and the latest version's major number is allowed.
+ * between the current version's major number and the latest version's major number is allowed.
 *
 * VersionDistances can be combined in a policy. For example "greater than 1:1.?.?" means a
 * difference of only one epoch number or one major number is allowed. Or "greater than 1.1.?"
diff --git a/src/main/java/org/dependencytrack/resources/v1/NotificationPublisherResource.java b/src/main/java/org/dependencytrack/resources/v1/NotificationPublisherResource.java
index 442247bdeb..3f259812f2 100644
--- a/src/main/java/org/dependencytrack/resources/v1/NotificationPublisherResource.java
+++ b/src/main/java/org/dependencytrack/resources/v1/NotificationPublisherResource.java
@@ -284,7 +284,7 @@ public Response restoreDefaultTemplates() {
 return Response.ok().build();
 } catch (IOException ioException) {
 LOGGER.error(ioException.getMessage(), ioException);
- return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Exception occured while restoring default notification publisher templates.").build();
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Exception occurred while restoring default notification publisher templates.").build();
 }
 }
@@ -322,7 +322,7 @@ public Response testSmtpPublisherConfig(@FormParam("destination") String destina
 return Response.ok().build();
 } catch (InvocationTargetException | InstantiationException | IllegalAccessException | NoSuchMethodException e) {
 LOGGER.error(e.getMessage(), e);
- return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Exception occured while sending test mail notification.").build();
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Exception occurred while sending test mail notification.").build();
 }
 }
diff --git a/src/main/java/org/dependencytrack/tasks/repositories/ComposerMetaAnalyzer.java b/src/main/java/org/dependencytrack/tasks/repositories/ComposerMetaAnalyzer.java
index 1fde488b6d..65772df112 100644
--- a/src/main/java/org/dependencytrack/tasks/repositories/ComposerMetaAnalyzer.java
+++ b/src/main/java/org/dependencytrack/tasks/repositories/ComposerMetaAnalyzer.java
@@ -156,7 +156,7 @@ public MetaModel analyze(final Component component) {
 return analyzeFromMetadataUrl(meta, component, packageMetaDataPathPattern);
 }
- // initial batch of included pacakges is included in packages.json response
+ // initial batch of included packages is included in packages.json response
 if (isMinified(repoRoot)) {
 repoRoot.put("packages", expandPackages(repoRoot.getJSONObject("packages")));
 }
diff --git a/src/main/java/org/dependencytrack/tasks/repositories/IMetaAnalyzer.java b/src/main/java/org/dependencytrack/tasks/repositories/IMetaAnalyzer.java
index cd6c2a80c1..86c8c28700 100644
--- a/src/main/java/org/dependencytrack/tasks/repositories/IMetaAnalyzer.java
+++ b/src/main/java/org/dependencytrack/tasks/repositories/IMetaAnalyzer.java
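Review bot: `repoRoot.getJSONObject("packages")` on the second-to-last line of the ComposerMetaAnalyzer hunk runs on a document fetched from a remote Composer repository, and if `repoRoot` is an org.json `JSONObject` (which the `put`/`getJSONObject` pairing suggests), a response whose `packages` key is absent or not an object throws a JSONException instead of returning null. Because that response is untrusted input, `final JSONObject packages = repoRoot.optJSONObject("packages"); if (packages != null) { repoRoot.put("packages", expandPackages(packages)); }` would turn a minimal or malformed repository into a skipped expansion rather than an uncaught exception — unless `analyze` already catches it further out, which this hunk does not show. `analyze` starts before and continues after the hunk.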
@@ -56,7 +56,7 @@ public interface IMetaAnalyzer {
 void setRepositoryUsernameAndPassword(String username, String password);
 /**
- * Returns the type of repositry the analyzer supports.
+ * Returns the type of repository the analyzer supports.
 * @since 3.1.0
 */
 RepositoryType supportedRepositoryType();
diff --git a/src/main/java/org/dependencytrack/tasks/repositories/NugetMetaAnalyzer.java b/src/main/java/org/dependencytrack/tasks/repositories/NugetMetaAnalyzer.java
index cec9676fb5..c4bfff9c14 100644
--- a/src/main/java/org/dependencytrack/tasks/repositories/NugetMetaAnalyzer.java
+++ b/src/main/java/org/dependencytrack/tasks/repositories/NugetMetaAnalyzer.java
@@ -104,7 +104,7 @@ public class NugetMetaAnalyzer extends AbstractMetaAnalyzer {
 /**
 * Sets the repository base URL which will then be used to retrieve and parse the service index. If the user has
 * specified a repo URL ending with index.json, it should be considered "fully qualified" and used as is to maximise
- * compatability with non-nuget.org repos such as Artifactory. If not, preserve the previous Dependency Track
+ * compatibility with non-nuget.org repos such as Artifactory. If not, preserve the previous Dependency Track
 * behaviour of appending the nuget.org index to the supplied URL.
 *
 * @param baseUrl the base URL to the repository
diff --git a/src/main/java/org/dependencytrack/util/VersionDistance.java b/src/main/java/org/dependencytrack/util/VersionDistance.java
index 11f43f7297..db9667c21a 100644
--- a/src/main/java/org/dependencytrack/util/VersionDistance.java
+++ b/src/main/java/org/dependencytrack/util/VersionDistance.java
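Review bot: The corrected line in the NugetMetaAnalyzer hunk keeps `Dependency Track` while the docs touched by this same commit call the project `Dependency-Track`, and the surrounding Javadoc mixes en-GB `maximise`/`behaviour` with the en-US `analyzer` used everywhere else in these files. Since the commit is a spelling sweep, aligning the comment to `Dependency-Track`, `maximize` and `behavior` (or the reverse, consistently) would keep later spell-check runs from flagging the same block again. Only the doc comment is inside the hunk; the method it documents is not.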
@@ -157,7 +157,7 @@ private static int parseVersion(String version) throws NumberFormatException {
 }
 /**
- * Parse a string of combined {@link VersionDistance}s and return tham as a {@link VersionDistance} {@link List}
+ * Parse a string of combined {@link VersionDistance}s and return than as a {@link VersionDistance} {@link List}
 * @param combinedDistances combined version distance string, e.g 1:1.?.? -> (1:?.?.?, 0:1.?.?)
 * @return List of separate {@link VersionDistance}s
 * @throws NumberFormatException in case a version distance cannot be parsed
diff --git a/src/test/java/org/dependencytrack/policy/VersionDistancePolicyEvaluatorTest.java b/src/test/java/org/dependencytrack/policy/VersionDistancePolicyEvaluatorTest.java
index e95da0d6e3..ffe064e965 100644
--- a/src/test/java/org/dependencytrack/policy/VersionDistancePolicyEvaluatorTest.java
+++ b/src/test/java/org/dependencytrack/policy/VersionDistancePolicyEvaluatorTest.java
@@ -71,7 +71,7 @@ public static Collection testParameters() {
 Arguments.of("1.2.3", "1.2.3", Operator.NUMERIC_NOT_EQUAL, "{ \"major\": \"0\", \"minor\": \"0\", \"patch\": \"0\" }", false),
 Arguments.of("1.2.3", "1.2.3", Operator.NUMERIC_LESS_THAN, "{ \"major\": \"0\", \"minor\": \"0\", \"patch\": \"0\" }", false),
 Arguments.of("1.2.3", "1.2.3", Operator.NUMERIC_LESSER_THAN_OR_EQUAL, "{ \"major\": \"0\", \"minor\": \"0\", \"patch\": \"0\" }", true),
- // Negative distanse.
+ // Negative distance.
 Arguments.of("2.3.4", "1.2.3", Operator.NUMERIC_GREATER_THAN_OR_EQUAL, "{ \"major\": \"1\", \"minor\": \"?\", \"patch\": \"?\" }", true),
 Arguments.of("2.3.4", "1.2.3", Operator.NUMERIC_GREATER_THAN, "{ \"major\": \"1\", \"minor\": \"?\", \"patch\": \"?\" }", false),
 Arguments.of("2.3.4", "1.2.3", Operator.NUMERIC_EQUAL, "{ \"major\": \"1\", \"minor\": \"?\", \"patch\": \"?\" }", true),
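Review bot: The replacement line in the VersionDistance hunk introduces a new typo: `return tham as a {@link VersionDistance} {@link List}` became `return than as`, which is still wrong, because the intended word is `them` — `* Parse a string of combined {@link VersionDistance}s and return them as a {@link VersionDistance} {@link List}`. On the following `@param` line, `e.g 1:1.?.? -> (1:?.?.?, 0:1.?.?)` would read better as `e.g. 1:1.?.? -> (1:?.?.?, 0:1.?.?)` while the comment is being edited anyway. The method this Javadoc describes is outside the hunk.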
@@ -93,7 +93,7 @@ public static Collection testParameters() {
 Arguments.of("0.2.2", "1.0.0", Operator.NUMERIC_EQUAL, "{\"epoch\": \"0\", \"major\": \"0\", \"minor\": \"1\", \"patch\": \"1\" }", false),
 // Unsupported operator.
 Arguments.of("1.2.3", "2.1.1", Operator.MATCHES, "{ \"major\": \"1\", \"minor\": \"?\", \"patch\": \"?\" }", false),
- // Invalid distanse format.
+ // Invalid distance format.
 Arguments.of("1.2.3", "2.1.1", Operator.NUMERIC_EQUAL, "{ \"major\": \"1a\" }", false),
 // No known latestVersion.
 Arguments.of("1.2.3", null, Operator.NUMERIC_EQUAL, "{ \"major\": \"0\", \"minor\": \"0\", \"patch\": \"0\" }", false)
diff --git a/src/test/java/org/dependencytrack/resources/v1/ComponentResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/ComponentResourceTest.java
index 17a82356de..0ec1256aa3 100644
--- a/src/test/java/org/dependencytrack/resources/v1/ComponentResourceTest.java
+++ b/src/test/java/org/dependencytrack/resources/v1/ComponentResourceTest.java
@@ -70,7 +70,7 @@ void getComponentsDefaultRequestTest() {
 /**
 * Generate a project with different dependencies
- * @return A project with 1000 dpendencies:
    + * @return A project with 1000 dependencies:
      *
    • 200 outdated dependencies, 75 direct and 125 transitive
    • *
    • 800 recent dependencies, 25 direct, 775 transitive
• * @throws MalformedPackageURLException
@@ -87,9 +87,9 @@ private Project prepareProject() throws MalformedPackageURLException {
 component.setVersion(String.valueOf(i)+".0");
 component.setPurl(new PackageURL(RepositoryType.MAVEN.toString(), "component-group", "component-name-"+i , String.valueOf(i)+".0", null, null));
 component = qm.createComponent(component, false);
- // direct depencencies
+ // direct dependencies
 if (i < 100) {
- // 100 direct depencencies, 900 transitive depencencies
+ // 100 direct dependencies, 900 transitive dependencies
 directDepencencies.add("{\"uuid\":\"" + component.getUuid() + "\"}");
 }
 // Recent & Outdated
@@ -138,9 +138,9 @@ private Project prepareProjectUngroupedComponents() throws MalformedPackageURLEx
 component.setVersion(String.valueOf(i)+".0");
 component.setPurl(new PackageURL(RepositoryType.PYPI.toString(), null, "component-name-"+i , String.valueOf(i)+".0", null, null));
 component = qm.createComponent(component, false);
- // direct depencencies
+ // direct dependencies
 if (i < 4) {
- // 4 direct depencencies, 6 transitive depencencies
+ // 4 direct dependencies, 6 transitive dependencies
 directDepencencies.add("{\"uuid\":\"" + component.getUuid() + "\"}");
 }
 // Recent & Outdated
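Review bot: Both ComponentResourceTest hunks correct `depencencies` in the comments but leave the identifier `directDepencencies` misspelled on the `.add(...)` line immediately below each corrected comment, so the spelling sweep stops one line short in the code it touches. Renaming it to `directDependencies` would finish the job; its declaration sits outside these hunks, so the rename has to reach it too, and it appears to be a method-local in `prepareProject` and `prepareProjectUngroupedComponents`, which would make an IDE rename safe. Both methods start before and continue after their hunks.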