dependency-check-gradle
                                
The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.
To make selecting which configurations are being scanned more robust, regular expressions should be added to `scanConfigurations` and `skipConfigurations`. For backward compatibility we should leave the current scan/skip configuration options...
For me it looks like in an aggregation build it is only possible to define "global" suppressions, right? But I believe it should be possible to define suppressions on a...
For instance: ``` ./gradlew dependencyCheckAggregate --failBuildOnCVSS 8 ``` I know `failBuildOnCVSS` could be specified in `build.*` files, however, it would be convenient if the tasks supported command-line options (see...
we have set in our build.gradle: `dependencyCheck { failOnError = false }` and are using the newest version: `classpath("org.owasp:dependency-check-gradle:5.2.2")` yet our task fails: ```13:27:52 > Task :dependencyCheckAnalyze 13:27:52 Verifying dependencies...
Would be great to have an option to not fail the build, something like `ignoreBuildStatus` at [this](https://github.com/jeremylong/dependency-check-gradle/blob/master/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy#L345) point. If needed I can add a PR for this.
Adds configuration options to customize the settings for the hosted suppressions file to be integrated in DependencyCheck 8.0.0 by PR https://github.com/jeremylong/DependencyCheck/pull/4901. As this is for DependencyCheck 8.0.0 I've also updated...
Per #281 when `addInfoToDependencies` was updated one call was missed. This PR corrects the oversight and allows ODC to be used on older versions of gradle.
In the file [AbstractAnalyze.groovy](https://github.com/dependency-check/dependency-check-gradle/blob/main/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy), the method `processConfigLegacy()` calls `addInfoToDependencies()` with the wrong set of arguments; this causes confusing build messages when running the analyzer on Gradle versions pre 4.0. If Gradle...
Hi! I've got an error when I try dependency check on my project with version 6.5.3. It doesn't work either with a newer version. ` Caused by: groovy.lang.MissingPropertyException: No such...
Hi, I am running a GitLab pipeline (log here https://gitlab.com/velox-shop/commons/-/jobs/3124338908). It is a Java project, so yarn is not installed. I'm using plugin `id "org.owasp.dependencycheck" version "7.2.1"` and I get...