OWASP dependency-check 1.4.0


Jeremy Long

Jun 17, 2016, 6:42:10 AM
to Dependency Check
The OWASP dependency-check team is pleased to announce the release of version 1.4.0! Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Gradle Plugin, Jenkins Plugin).

In addition to the 1.4.0 release Alexander has created an SBT dependency-check plugin! The dependency-check site(s) will be updated in the near future to list this plugin.

Release Notes 1.4.0
-------------------

In addition to minor bug fixes and updates the following notable changes were made in the 1.4.0 release:

  • Experimental Analyzers - In the 1.3 branch several analyzers were added to add support for Ruby, Node.js, Python, PHP, and some C/C++ build systems. While the engine does work – there is a higher false positive and possibly false negative rate for these added technologies. Until more work can be done to improve these analyzers they have been moved to an ‘experimental’ status. Each of the interfaces for dependency-check (CLI, Maven, Ant, Gradle, etc.) now has an enable experimental configuration option. If this is not set to enable the experimental analyzers they will not be loaded or used. While they are still useful, we wanted to make sure users understood that these analyzers may have more false positives and false negatives.
  • Updated proxy configuration documentation to assist those that are having issues
  • Updated database script to be more performant
  • Added support for MS SQL Server (see the database server page).
  • Fixed a bug in the gradle plugin for multi-module projects; reports are now correctly placed into the child's build/reports directory.
  • Work was done on the Ruby analyzers to combine findings from dependency-check core and bundle audit.

Release Notes 1.3.6
-------------------

Several minor bug fixes and improvements were made. Changes were made to the initialization scripts for MySQL and Oracle. Improvements were made to the Python and Ruby analyzers.


Best Regards,


The OWASP dependency-check team

Badalucco, Christopher M.

Jun 20, 2016, 9:32:36 AM
to Jeremy Long, Dependency Check

I’m getting a 404 when I try and follow the Gradle plugin link.  I also don’t see any mention of it in the README.md at https://github.com/jeremylong/DependencyCheck.  Are there issues with the 1.4.0 Gradle plugin?


Thanks,

-Chris


Jeremy Long

Jun 21, 2016, 6:01:24 AM
to Badalucco, Christopher M., Dependency Check
I apologize about the broken link - I copied the wrong link into the original message. For the gradle plugin see:


--Jeremy