
The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.

Results: 75 dependency-check-gradle issues

After upgrading to v9 my build fails with an OutOfMemory error. It works on my notebook, just not on the build server I use. Maybe it's just necessary to increase...


Hi there. I have recently added this plugin to my project. When running `./gradlew dependencyCheckAnalyze` locally, everything runs correctly. However, when running using the Azure Devops [Gradle task](https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/gradle-v3?view=azure-pipelines&viewFallbackFrom=azure-devops), the command...

It would be helpful to document how to publish and test the plugin locally when trying out changes

When I try to run any task from this plugin, using the **Kotlin DSL** and **Gradle Plugin version 8.0**, such as `./gradlew dependencyCheckUpdate`, I get this error related to Jackson:...

tl;dr: based on some basic testing, the plugin works with Gradle 7.6+ and with 5.0-6.5.1. Also see the last paragraph. I started investigating this to better understand how difficult it would...

I get lots and lots of messages of this type for varying configurations when running the dependencyCheckAggregate task: `Resolution of the configuration :jsource:osis:runtime:server:spotbugsPlugins was attempted from a context different than...

Docs seem to suggest that both tasks `dependencyCheckAnalyze` and `dependencyCheckAggregate` are configured using `dependencyCheck`, see the Example section: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration-aggregate.html. But I want to configure them independently, from the root `build.gradle` file....

I am using the Gradle plugin in version 8.2.1. The task `dependencyCheckAnalyze` gives me three CVEs, which all seem to be transitive dependencies of the plugin itself: - guava-31.1-jre.jar (CVE-2020-8908)...

If I use the below plugins together for a Java application: `classpath 'org.owasp:dependency-check-gradle:8.2.1'` `classpath 'name.remal.gradle-plugins.sonarlint:sonarlint:3.0.8'` `apply plugin: 'org.owasp.dependencycheck'` `apply plugin: 'name.remal.sonarlint'` `> Task :dependencyCheckAnalyze` The Yarn Audit Analyzer has been disabled. Yarn...

I'm not entirely sure, but I don't think it's currently possible to hold two configurations. Use case: one configuration for the CI run (with suppressions, CVE score = 0), another...