dependency-check-gradle
dependency-check-gradle copied to clipboard
The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.
Hello, I am using Gradle 7.4 and dependencycheck 7.1.1 The verification failed for the POM ```xml ``` the key in use appears to be the right key, but when we...
Hi, I am currently having issues with a specific build. The exception trace shows that some files can't be downloaded: `Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download...
Add option to specify OSS Index URL - useful for onprem mirrors/proxies in corporate environment. Exposes functionality available in maven plugin by using the `` parameter.
Currently `skipTestGroups` operates on the implicit prefixes of `test` and `androidTest` (the other explicit matches don't end up mattering since they meet these prefixes). It would be helpful if these...
In seems for multiple scans of different projects, we get from time to time Rate limit exceeded error. It would be great if _--ossIndexRemoteErrorWarnOnly_ can be added tothe gradle plugin...
Fix documentation in README
Hello, I am currently trying to execute ./gradlew dependencyCheckUpdate on a project on my local machine and receive a strange error which doesnt allow the Database Structure to be created....
Maybe I'm missing it, but with the Gradle plugin can I see what declared dependency led to a detected vulnerability? For instance, if I add 'org.owasp:dependency-check-maven:7.0.0' and then run dependencyCheckAnalyze,...
Hi, seems that the plugin is not Gradle 7 compliant. When running task (dependencyCheck or dependencyCheckAggregate) from dependency-check plugin with the option `--warning-mode all` what i get is the following...
Hello! Also from my side: Thank you very much, for this awesome project, and all the effort you're putting into it! To my question: I have a multi-module Android project...