dependency-check-gradle icon indicating copy to clipboard operation
dependency-check-gradle copied to clipboard

Published 20 hours ago verified publisher icon dependency-check

Metadata

The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.

Results 58 dependency-check-gradle issues
Sort by recently updated
recently updated
newest added

PGP Verification Failed

2 comment

Hello, I am using Gradle 7.4 and dependencycheck 7.1.1 The verification failed for the POM ```xml ``` the key in use appears to be the right key, but when we...

NickPadilla avatar NickPadilla

bug

jsrepository.json empty, fails build

1 comment

Hi, I am currently having issues with a specific build. The exception trace shows that some files can't be downloaded: `Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download...

clarinetcat avatar clarinetcat

question

Add option to specify OSS Index URL

Add option to specify OSS Index URL - useful for onprem mirrors/proxies in corporate environment. Exposes functionality available in maven plugin by using the `` parameter.

paveljandejsek avatar paveljandejsek

Make skipTestGroups resolution logic configurable

1 comment

Currently `skipTestGroups` operates on the implicit prefixes of `test` and `androidTest` (the other explicit matches don't end up mattering since they meet these prefixes). It would be helpful if these...

mcwhitak avatar mcwhitak

expose --ossIndexRemoteErrorWarnOnly to gradle plugin

In seems for multiple scans of different projects, we get from time to time Rate limit exceeded error. It would be great if _--ossIndexRemoteErrorWarnOnly_ can be added tothe gradle plugin...

valicraciun avatar valicraciun

Latest version is 7.1.0.1 instead of 7.1.0

Fix documentation in README

tremblaysimon avatar tremblaysimon

Creating database structure does not work

Hello, I am currently trying to execute ./gradlew dependencyCheckUpdate on a project on my local machine and receive a strange error which doesnt allow the Database Structure to be created....

robingood avatar robingood

Show source of vulnerable transitive dependency

2 comment

Maybe I'm missing it, but with the Gradle plugin can I see what declared dependency led to a detected vulnerability? For instance, if I add 'org.owasp:dependency-check-maven:7.0.0' and then run dependencyCheckAnalyze,...

PaulCormier avatar PaulCormier

enhancement

Compatibility with gradle 7

2 comment

Hi, seems that the plugin is not Gradle 7 compliant. When running task (dependencyCheck or dependencyCheckAggregate) from dependency-check plugin with the option `--warning-mode all` what i get is the following...

occhioni-esteco avatar occhioni-esteco

question

How to avoid Kotlin vulnerabilities in Android Kotlin project with Kotlin-DSL

4 comment

Hello! Also from my side: Thank you very much, for this awesome project, and all the effort you're putting into it! To my question: I have a multi-module Android project...

Moes81 avatar Moes81

Metadata

349
Stars
89
Forks
Watchers

Owner

verified publisher icon dependency-check

Metadata

The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.

Back