dependency-check-gradle
The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.
My Android project has dozens of build variants, but I'd like to be able to run a dependency check on a single variant.
Similar to https://github.com/dependency-check/dependency-check-gradle/issues/279, I have the issue of the plugin not working due to a missing yarn installation. - I understand that this error happens when the plugin scans a...
The documentation states a suppression attribute 'cvssBelow'. ``` 7 ``` For me it seems it's not working, at least not on a specific CVE suppression.
https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration-aggregate.html The documentation doesn't have very much to say about the Slack integration. I thought it would send notifications about severe vulnerabilities, and I had to go digging to find...
I am using this for the very first time, and I have been reading through the documentation. While reading, I found some seemingly contradictory information. In the [Analyze Task Configuration...
I have a multi-module build and I have added the owasp plugin to my root gradle build file. When I run build I get this error. Removing the owasp...
Currently, the `skipTestGroups` only checks for configurations starting with `androidTest` or `test`. But this does not match things like `integTest...`, `systemTest...`, `functionalTest...`, ... I think for the default recognition it...
We updated our Android project to use the newer version of the Android Gradle Plugin (8.3.1) paired with a Gradle update from 8.2 to 8.4. This seems to break even the...
Is it possible to pass the NVD API key as a parameter to the dependencyCheckanalyse task?
Hello, I'm using this plugin for the first time on an Android app and I noticed something. When using **Kotlin version 2.0** and `skipTestGroups=false` I have the following error: >...