sbt-dependency-check
sbt-dependency-check copied to clipboard
albuch
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
## About this PR 📦 Updates [org.xerial.sbt:sbt-sonatype](https://github.com/xerial/sbt-sonatype) from `3.9.21` to `3.12.0` 📜 [GitHub Release Notes](https://github.com/xerial/sbt-sonatype/releases/tag/v3.12.0) - [Release Notes](https://github.com/xerial/sbt-sonatype/blob/master/ReleaseNotes.md) - [Version Diff](https://github.com/xerial/sbt-sonatype/compare/v3.9.21...v3.12.0) ## Usage ✅ **Please merge!** I'll automatically update this...
## About this PR 📦 Updates [com.github.sbt:sbt-pgp](https://github.com/sbt/sbt-pgp) from `2.2.1` to `2.3.0` 📜 [GitHub Release Notes](https://github.com/sbt/sbt-pgp/releases/tag/v2.3.0) - [Version Diff](https://github.com/sbt/sbt-pgp/compare/v2.2.1...v2.3.0) ## Usage ✅ **Please merge!** I'll automatically update this PR to resolve...
## About this PR 📦 Updates org.slf4j:slf4j-simple from `2.0.9` to `2.0.17` ## Usage ✅ **Please merge!** I'll automatically update this PR to resolve conflicts as long as you don't change...
The OWASP DependencyCheck repository has moved to https://github.com/dependency-check/DependencyCheck (the side has also moved to https://dependency-check.github.io/DependencyCheck/) This repository has several links to the old (still existing/archived) repository: https://github.com/search?q=repo%3Aalbuch%2Fsbt-dependency-check%20jeremylong&type=code
## About this PR 📦 Updates [com.github.sbt:sbt-pgp](https://github.com/sbt/sbt-pgp) from `2.2.1` to `2.3.1` 📜 [GitHub Release Notes](https://github.com/sbt/sbt-pgp/releases/tag/v2.3.1) - [Version Diff](https://github.com/sbt/sbt-pgp/compare/v2.2.1...v2.3.1) ## Usage ✅ **Please merge!** I'll automatically update this PR to resolve...
#### Describe the bug Builds will start failing due to the plugin [sbt-dependency-check](https://github.com/albuch/sbt-dependency-check) --> pointing to an old version of the dependency-check-core 8.4.0 I believe. #### Version of sbt-dependency-check used...
I run `sbt dependencyCheck` for my project on Bitbucket pipeline. Sometimes it fails with an error in downloading `gz` file from `https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.json.gz` the error - ``` 06:52:35.960 [pool-7-thread-1] ERROR org.owasp.dependencycheck.utils.HttpResourceConnection...
