
Support for vulnerability analysis of gradle version catalog

Open · mluckam opened this issue 1 year ago · 1 comment

Gradle introduced version catalogs as part of Gradle 7. This plugin is capable of determining dependency vulnerabilities in projects that utilize a version catalog. What I propose is the ability to determine vulnerabilities on the libraries and plugins declared in a version catalog project. This would allow a Gradle version catalog to maintain vulnerability information instead of depending on downstream projects to report a vulnerability.

This functionality could be added to the task 'dependencyCheckAnalyze'. Alternatively, a new task, something like 'catalogCheckAnalyze', could be utilized to perform this operation. I wanted to discuss the proposal to gauge interest.

mluckam, Jan 16 '24 21:01

This would be a good addition.

jeremylong, Jan 17 '24 10:01