Jeremy Long

You could use https://github.com/CycloneDX/cyclonedx-node-npm to cover the npm dependencies. Generate the cocoapods sbom with this project. Finally, use https://github.com/CycloneDX/cyclonedx-cli to merge the two sboms.

The only changes impactful changes to the plugin since 10.0.3 are: - https://github.com/dependency-check/dependency-check-gradle/pull/407 - very unlikely source of the problem - https://github.com/dependency-check/dependency-check-gradle/pull/403 - very unlikely source of the problem -...

My guess is due to the change in #404 we need to update the documentation.

@Vampire do you have any thoughts on this?

The joys of using latest - even when latest could have bumped a major version indicating breaking changes... semantic versioning ftw.

report FP [here](https://github.com/jeremylong/DependencyCheck/issues/new?assignees=&labels=FP+Report&projects=&template=false-positive-report.yml&title=%5BFP%5D%3A+). Regarding the test groups - I have not had time to look into this. Do you have a sample project that causes the issue?

no sample project has been provided. If this is still an issue you can re-open this or create a new issue. Please include a project to replicate the problem.

Another option would be to skip the configurations if they shouldn't be analyzed.

Please see the readme: https://github.com/dependency-check/dependency-check-gradle/tree/v11.0.0?tab=readme-ov-file#gradle-build-environment

At the moment, no. I do not believe so. You could use an init-script - i.e. write the config to disk temporarily with the API key and then run the...