SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
Upgraded dependency-check-core to v.8.1.2. See release notes for DependencyCheck from v8.1.1 to v8.1.2 for details.
`dependencyCheckHostedSuppressionsEnabled` to disable the use of the hosted suppression file
v5.0.0
were not applied
Updated dependency-check-core to v.8.1.0. See release notes for DependencyCheck from v8.0.0 to v8.1.0 for details.
The database schema was updated - if using an external database the update/initialization scripts must be run!
`dependencyCheckHostedSuppressionsUrl`, `dependencyCheckHostedSuppressionsForceUpdate` and `dependencyCheckHostedSuppressionsValidForHours` for a hosted suppression file to allow for faster remediation of reported false-positives. Defaults to a file maintained by the DependencyCheck project team.
`dependencyCheckKnownExploitedEnabled`, `dependencyCheckKnownExploitedUrl` and `dependencyCheckKnownExploitedValidForHours`
`dependencyCheckRetireJsAnalyzerRepoUser`, `dependencyCheckRetireJsAnalyzerRepoPassword`
`Pipefile.lock` files are now supported
Update dependency-check-core to v7.4.4. See release notes for DependencyCheck from v7.3.1 to v7.4.4 for details.
`dependencyCheckPoetryAnalyzerEnabled` for experimental Python Poetry Analyzer
Update dependency-check-core to v7.3.0. See release notes for DependencyCheck from v7.2.0 to v7.3.0 for details.
`dependencyCheckDartAnalyzerEnabled`
`dependencyCheckConnectionReadTimeout`
`maven_install.json`: `dependencyCheckMavenInstallAnalyzerEnabled`
`dependencyCheckAutoUpdate` setting: `dependencyCheckRetireJSForceUpdate`
Update dependency-check-core to v7.1.0. See release notes for DependencyCheck v7.1.0 for details
Updated dependency-check-core to v7.0.0. See release notes of DependencyCheck of v7.0.0 for details
`dependencyCheckDataDirectory` setting you will need to run `dependencyCheckPurge` after upgrading.
v1.2.8 or lower for all releases since v3.2.0 of sbt-dependency-check (#238)
`dependencyCheckPNPMAuditAnalayzerEnabled` and `dependencyCheckPathToPNPM` for the new pnpm analyzer.
`dependencyCheckCveWaitTime` for the time in milliseconds to wait between downloads from the NVD.
`dependencyCheckCveStartYear` for the first year of NVD CVE data to download from the NVD.
`dependencyCheckCpanFileAnalyzerEnabled` for Perl CPAN File Analyzer
`dependencyCheckNodePackageSkipDevDependencies` to disable checking dev dependencies for Node.js Analyzer
`dependencyCheckSwiftPackageResolvedAnalyzerEnabled` for Swift Package Resolved Analyzer