dependency-check 1.2.2 released


Jeremy Long

Jun 24, 2014, 8:07:06 AM
to dependen...@googlegroups.com
Version 1.2.2 of dependency-check has been released! The Maven plugin is in Central, the Ant task is in Central and hosted on Bintray, the command line interface is available via Bintray, and Jenkins is available via Jenkins plugin management. See the project documentation site for configuration and usage.

I am working on some interesting additions to the report that will be released during the Black Hat Arsenal on August 6th, 2014.

Release Notes for 1.2.2:

Cleaned up the GitHub repo so that several of the large test resources were removed from the history. This reduced the size of the repo from ~860 MB to ~100 MB at the cost of breaking the unit tests on old tags (because some of the test resources are no longer present).

Added initial documentation on the file analyzers (see File Type Analyzers in the left-hand menu on the project documentation site).

CLI and Ant
- Corrected the command line parameter 'proxyUrl' to be 'proxyServer'

Jenkins
- Added experimental support for Maven artifact analysis in Maven jobs
- Added global configuration of analyzers and temporary directory

Core
- Added the ability to suppress CPE/CVE based on the Maven GAV coordinates
- Split out some utility classes into a separate module 'dependency-check-utils'
- Created a base suppression XML file to make future false positive reduction easier to implement
- Reduced false positives on Spring Security and Apache POI
- Fixed minor logic error that caused false positives to be reported in some cases
- Removed remaining duplicate entries in the evidence displayed in the report
- The Jar Analyzer will now identify the Maven coordinates and list them as an identifier; however, if the Nexus Analyzer does not identify the same coordinates, the Maven identifier will not be hyperlinked
