OWASP dependency-check 2.0.0 released!


Jeremy Long

Jul 4, 2017, 6:52:18 AM
to Dependency Check
The OWASP dependency-check team is pleased to announce the release of version 2.0.0! Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Gradle Plugin, Jenkins Plugin, and SBT Plugin).

Special thanks to everyone that submitted a Pull Request! 

Release Notes
-------------------
In addition to general bug fixes and false positive reductions, the following enhancements were made:
  • Support for multiple suppression files
    • The suppression notes are also added to the generated report
  • Expanded the Maven plugin's capability to exclude scopes (added `system`) and an option to exclude dependency types
  • Add an NSP analyzer to enhance analysis of Node.js.
  • Add new report formats: CSV and JSON
  • Dependencies that were found in Central or a local Nexus are now marked with a green check in the HTML report.

Enhancements specific to the Jenkins plugin include:

  • Updated analysis-core to v1.86
  • Added support for Node Security Platform
  • Added Jenkins Pipeline support to all builders
  • Added finer control over optional HTML, JSON, and CSV reports to generate
  • Added ability to publish Dependency-Check results to Dependency-Track v3
  • Enhancements to user interface
  • Fixed bug that prevented updateOnly builder from using external database
  • Fixed bug that failed to mask password when using external database 

Best Regards,

The OWASP dependency-check team

David Karlsen

Jul 4, 2017, 7:40:01 AM
to Dependency Check
I'm having trouble downloading the checksum databases with v2.0.0 - same config in 1.4.3 worked just fine.

Jeremy Long

Jul 4, 2017, 9:07:17 AM
to Dependency Check
David,

Sorry to hear that. Can you please open an issue on GitHub with additional information about the failure?

--Jeremy

Jeremy Long

Jul 4, 2017, 9:09:57 AM
to Dependency Check
I forgot to add one important release note for users of the Gradle plugin. The `dependencyCheck` task was renamed to `dependencyCheckAnalyze`. See https://github.com/jeremylong/dependency-check-gradle#current-release

--Jeremy