dependency-check-gradle
The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.
Using Gradle 7.4 and plugin version 6.5.3 on a multi-module build. Proxy is configured correctly in ~/.gradle/gradle.properties. Anytime I run both `dependencyCheckUpdate` and `dependencyCheckAggregate` together in the same Gradle command...
First of all: Thanks for the awesome project! We use the dependency check for all our projects and new ones are developed using JDK 11 instead of JDK 1.8. We...
In the `AbstractAnalyze` class you use `new File(...)` for the output directory. This is sub-optimal, because for a relative path, this method constructs a file relative to the users work...
Using gradle 7 with dependencycheck 6.1.5, the following exception is printed when running dependencyCheckAnalyze: ``` > Task :dependencyCheckAnalyze Could not register JMX bean. javax.management.InstanceAlreadyExistsException: org.apache.commons.jcs:type=JCSAdminBean at java.management/com.sun.jmx.mbeanserver.Repository.addMBean(Repository.java:436) at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerWithRepository(DefaultMBeanServerInterceptor.java:1855) at...
In a Spring-Boot project and dependency-check-gradle, I get a NoSuchMethodError exception. Gradle 5.6.4, Java 8, macOS 10.15.x org.owasp:dependency-check-gradle:6.1.0 ``` Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis: InitializationException:...
I’ve got the following already under `allprojects`: apply plugin: 'org.owasp.dependencycheck' dependencyCheck { failBuildOnCVSS = 8 scanSet = [project.layout.projectDirectory.dir("src").asFile] skipConfigurations += 'lintClassPath' } // doesn’t work: tasks.findByName("check")?.dependsOn(dependencyCheckAnalyze) But I can’t get...
Running dependency check on a large project takes quite a while. Gradle has build caching to alleviate this problem for tasks that have not changed. Dependency check does not properly...
A sub-project in my Gradle multi-project build is triggering a false positive. If the jar file for the sub project has previously been built, then a gav or packageUrl suppression...
Hi @jeremylong, even though a fix for the nonProxyHosts property was tried via #185, it is still broken. Reason is this code snippet: https://github.com/jeremylong/dependency-check-gradle/blob/b3206077654ff9090d2633b8ad67bf7654e2b13f/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/ConfiguredTask.groovy#L175-L177 It checks via Groovy magic whether...
If you're configuring the plugin using Java code, you really want to write things like this: dependencyCheck.cve(cve -> { cve.setUrlBase(...); }); But currently you can't, because the `cve` method...