DependencyCheck

How to see the transitive dependencies in the report after the scan?

Open JyotsanaShankar opened this issue 1 year ago • 4 comments

I am a new user and I scanned the DependencyCheck code using DependencyCheck itself. But I am not able to see transitive dependencies. Can you please help me with how to check that?

JyotsanaShankar, Mar 26 '24 11:03

Use the Maven or Gradle plugin to scan your Java projects. Avoid the CLI/Docker/GitHub Action.

jeremylong, Mar 26 '24 11:03

I tried to install maven and got these errors, not able to understand the reason... how to resolve this?

[ERROR] Errors:
[ERROR] GolangModAnalyzerTest.testGoMod:97 » Runtime java.io.IOException: Could not start 'go mod edit' in path 'C:\Users\I575878\Projects\DependencyCheck\core\target\temp\dctemp8e4b4df2-6409-4986-9528-48746c528ca0'. Details: CreateProcess error=2, The system cannot find the file specified
[INFO]
[ERROR] Tests run: 477, Failures: 0, Errors: 1, Skipped: 14
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Dependency-Check 9.0.10-SNAPSHOT:
[INFO]
[INFO] Dependency-Check ................................... SUCCESS [ 9.251 s]
[INFO] Dependency-Check Utils ............................. SUCCESS [ 43.398 s]
[INFO] Dependency-Check Core .............................. FAILURE [01:28 min]
[INFO] Dependency-Check Command Line ...................... SKIPPED
[INFO] Dependency-Check Ant Task .......................... SKIPPED
[INFO] Dependency-Check Maven Plugin ...................... SKIPPED
[INFO] Dependency-Check Plugin Archetype .................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:22 min
[INFO] Finished at: 2024-03-26T19:11:46+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:3.2.2:test (default-test) on project dependency-check-core:
[ERROR]
[ERROR] Please refer to C:\Users\I575878\Projects\DependencyCheck\core\target\surefire-reports for the individual test results.
[ERROR] Please refer to dump files (if any exist) [date].dump, [date]-jvmRun[N].dump and [date].dumpstream.
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn -rf :dependency-check-core

JyotsanaShankar, Mar 26 '24 18:03

> Use the Maven or Gradle plugin to scan your Java projects. Avoid the CLI/Docker/GitHub Action.

Are there any steps, a guide, or a YouTube video for doing that? Can you please share that?

JyotsanaShankar, Mar 27 '24 08:03

The only thing I've created is the documentation:

  • https://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html
  • https://jeremylong.github.io/DependencyCheck/data/index.html
    • https://jeremylong.github.io/DependencyCheck/data/mirrornvd.html
    • https://jeremylong.github.io/DependencyCheck/data/cacheh2.html

jeremylong, Mar 27 '24 10:03