SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
dependencyCheckPathToYarn and dependencyCheckMSBuildAnalyzerEnabled from a previous update of dependency-check-core
dependencyCheckYarnAuditAnalyzerEnabled setting not having any effect and dependencyCheckListSettings task not printing correct value for dependencyCheckYarnAuditAnalyzerEnabled setting #163
dependencyCheckYarnAuditAnalyzerEnabled
SARIF
v0.13.x support. It's time to upgrade to sbt v1.x if you haven't done already.
v2.0.0 or earlier make sure to run dependencyCheckPurge once before running any other task as there are incompatible database changes.
Global or ThisBuild to set up your own defaults for all your projects in your build. See #100 and the updated Multi-Project Setup section in the README.
dependencyCheckPurge task which was using an outdated hard-coded value for the database filename and therefore never deleting the database. This was additionally causing users issues when upgrading to sbt-dependency-check v2.1.0 as it was a required step in the upgrade path. See #145
JvmPlugin disabled. #122
dependencyCheckFormat. #148
Updated dependency-check-core to v6.0.3 (#140). See release notes of DependencyCheck v5.3.1 - v6.0.3
dependencyCheckPurge to clean your database
dependencyCheckPEAnalyzerEnabled
dependencyCheckPipAnalyzerEnabled, dependencyCheckPipfileAnalyzerEnabled, dependencyCheckMixAuditAnalyzerEnabled. Configure dependencyCheckMixAuditPath to point to the mix_audit binary
dependencyCheckCveUser and dependencyCheckCvePassword settings to support NVD feed mirrors with Basic Authentication
Updated dependency-check-core to v5.3.0 (#118). See release notes of DependencyCheck v5.3.0
dependencyCheckAggregate previously scanned all projects and now only scans project aggregates and dependents. Use the new task dependencyCheckAnyProject to scan all projects.
dependencyCheckNPMCPEAnalyzerEnabled
dependencyCheckNodeAuditSkipDevDependencies
Updated dependency-check-core to v5.2.2. See release notes of v5.2.2 for more details.
Added better logging of exception collections.