OWASP dependency-check 2.0.1 released!

Dependency Check

Jul 24, 2017, 6:45:36 AM
to Dependency Check
The OWASP dependency-check team is pleased to announce the release of version 2.1.0! Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Gradle Plugin, Jenkins Plugin, and SBT Plugin).

Release Notes
-------------------
  • General bug fixes and false positive reduction
  • For developers building integrations with dependency-check, the core engine has introduced execution modes: Evidence Collection, Evidence Processing, and Standard (default). See PR #798 for more information.
  • Fixed bug that prevented the use of Postgres and Oracle databases with dependency-check.
  • Ruby Bundle-Audit Analyzer has been promoted and is no longer considered experimental.
  • Maven Plugin - the aggregate goal now correctly fails the build if an error occurs running dependency-check
  • Ant Task - in order to better support multiple suppression files a change was made to the configuration. Please see the README.md for details on the change.
  • Gradle Plugin - the dependencyCheckAggregate task was introduced to better support multi-project builds.
Reminder for Gradle users: when upgrading from 1.x to 2.x, the `dependencyCheck` task was renamed to `dependencyCheckAnalyze`.

Best Regards,

The OWASP dependency-check team

Dependency Check

Jul 24, 2017, 6:52:27 AM
to Dependency Check
Addition to the release notes:
  • Maven Plugin - now scans standard maven directories for dependencies. This can be updated by configuring the ScanSet property.

Arbi Sookazian

Aug 14, 2017, 2:57:25 PM
to Dependency Check, dependen...@googlegroups.com

Reproduced this error twice on same project:


[ERROR] Failed to execute goal org.owasp:dependency-check-maven:2.1.0:aggregate (default-cli) on project global-parent: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis: -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.owasp:dependency-check-maven:2.1.0:aggregate (default-cli) on project global-parent: One or more exceptions occurred during dependency-check analysis
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
    at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
    at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
    at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
    at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
    at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: One or more exceptions occurred during dependency-check analysis
    at org.owasp.dependencycheck.maven.AggregateMojo.runCheck(AggregateMojo.java:151)
    at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute(BaseDependencyCheckMojo.java:526)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
    ... 20 more
Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis:
    at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.collectDependencies(BaseDependencyCheckMojo.java:744)
    at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.scanArtifacts(BaseDependencyCheckMojo.java:656)
    at org.owasp.dependencycheck.maven.AggregateMojo.runCheck(AggregateMojo.java:81)
    ... 23 more

Jeremy Long

Aug 15, 2017, 6:39:27 AM
to Arbi Sookazian, Dependency Check
Please open an issue in the github repo: https://github.com/jeremylong/DependencyCheck/issues/

Thanks!

Jeremy
