Comparing changes

base repository: dependency-check/dependency-check-gradle
base: v10.0.2
head repository: dependency-check/dependency-check-gradle
compare: main
  • 20 commits
  • 28 files changed
  • 6 contributors

Commits on Jul 16, 2024

  1. build: release 10.0.3

    jeremylong committed Jul 16, 2024

    Verified

    This commit was signed with the committer’s verified signature.
    jeremylong Jeremy Long
    c6928c1

Commits on Jul 27, 2024

  1. feat: Allow configurable resultsPerPage in Gradle plugin (#399)

    aikebah authored Jul 27, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    aa6e9d0

Commits on Aug 22, 2024

  1. fix: find regex in test configuration hierarchy check instead of match (

    Vampire authored Aug 22, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    54e4357
  2. Allow to use Action for configuration in extensions to better support…

    … non-Groovy consumers (#187) (#404)
    Vampire authored Aug 22, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    1e36cdb
  3. Build and Publishing improvements (#402)

    Co-authored-by: Wilke Matthias Fabian (HOME/EET1 ❤️) <[email protected]>
    nightm4re94 and Wilke Matthias Fabian (HOME/EET1 ❤️) authored Aug 22, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    181e774
  4. build: bump wrapper validation from v1 to v3 (#405)

    jeremylong authored Aug 22, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    6a96550

Commits on Sep 1, 2024

  1. fix: add pnpm-lock.yaml to default scan set (#407)

    jeremylong authored Sep 1, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    8444a32
  2. build: release 10.0.4

    jeremylong committed Sep 1, 2024

    Verified

    This commit was signed with the committer’s verified signature.
    jeremylong Jeremy Long
    8133df6
  3. fix: publication

    jeremylong committed Sep 1, 2024

    Verified

    This commit was signed with the committer’s verified signature.
    jeremylong Jeremy Long
    fd54350

Commits on Oct 21, 2024

  1. chore: Update build (#413)

    jeremylong authored Oct 21, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    842f817
  2. chore: bump data directory path for breaking changes in 11.0 (#412)

    jeremylong authored Oct 21, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    91e31c7

Commits on Oct 23, 2024

  1. fix: resolve initialization problem using ODC-core 11.0.0 (#415)

    jeremylong authored Oct 23, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    6eafe99

Commits on Oct 30, 2024

  1. Verified

    This commit was signed with the committer’s verified signature.
    jeremylong Jeremy Long
    e7c5a69
  2. build: release 11.1.0

    jeremylong committed Oct 30, 2024

    Verified

    This commit was signed with the committer’s verified signature.
    jeremylong Jeremy Long
    aaab86c

Commits on Nov 12, 2024

  1. docs: update examples to use the plugin portal instead of central (#420)

    jeremylong authored Nov 12, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    0a17ae7

Commits on Nov 16, 2024

  1. fix: re-enable Central Analyzer by default (#422)

    jeremylong authored Nov 16, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    b5962db

Commits on Nov 22, 2024

  1. fix: expose analyzer.node.audit.url (#423)

    jeremylong authored Nov 22, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    bdc23d1

Commits on Dec 4, 2024

  1. build: release 11.1.1

    jeremylong committed Dec 4, 2024

    Verified

    This commit was signed with the committer’s verified signature.
    jeremylong Jeremy Long
    711aca3

Commits on Dec 29, 2024

  1. migrate to kotlin buildscript for better type safety and IDE integrat…

    …ion (#426)
    mgroth0 authored Dec 29, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    db01bf3

Commits on Jan 2, 2025

  1. feat: Extend authentication configuration options (including bearer) (#…

    aikebah authored Jan 2, 2025

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    a1f15c7
Showing with 506 additions and 503 deletions.
  1. +5 −4 .github/workflows/build.yml
  2. +1 −1 .github/workflows/gradle-wrapper-validation.yml
  3. +5 −4 .github/workflows/pull_requests.yml
  4. +1 −0 .java-version
  5. +18 −17 README.md
  6. +0 −201 build.gradle
  7. +118 −0 build.gradle.kts
  8. +21 −0 gradle/libs.versions.toml
  9. BIN gradle/wrapper/gradle-wrapper.jar
  10. +2 −1 gradle/wrapper/gradle-wrapper.properties
  11. +21 −13 gradlew
  12. +12 −10 gradlew.bat
  13. +19 −1 settings.gradle
  14. +91 −12 src/main/groovy/org/owasp/dependencycheck/gradle/extension/AnalyzerExtension.groovy
  15. +1 −1 src/main/groovy/org/owasp/dependencycheck/gradle/extension/DataExtension.groovy
  16. +90 −2 src/main/groovy/org/owasp/dependencycheck/gradle/extension/DependencyCheckExtension.groovy
  17. +12 −0 src/main/groovy/org/owasp/dependencycheck/gradle/extension/HostedSuppressionsExtension.groovy
  18. +28 −0 src/main/groovy/org/owasp/dependencycheck/gradle/extension/KEVExtension.groovy
  19. +4 −0 src/main/groovy/org/owasp/dependencycheck/gradle/extension/NodeAuditExtension.groovy
  20. +8 −0 src/main/groovy/org/owasp/dependencycheck/gradle/extension/NvdExtension.groovy
  21. +12 −0 src/main/groovy/org/owasp/dependencycheck/gradle/extension/RetireJSExtension.groovy
  22. +3 −3 src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy
  23. +20 −4 src/main/groovy/org/owasp/dependencycheck/gradle/tasks/ConfiguredTask.groovy
  24. +0 −19 src/main/resources/META-INF/gradle-plugins/org.owasp.dependencycheck.properties
  25. +0 −202 src/main/resources/META-INF/licenses/gradle/LICENSE.txt
  26. +3 −2 src/main/resources/task.properties
  27. +8 −6 src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckGradlePluginSpec.groovy
  28. +3 −0 src/test/resources/scanAdditionalCpesConfiguration.gradle
9 changes: 5 additions & 4 deletions .github/workflows/build.yml
@@ -11,11 +11,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
id: jdk-8
uses: actions/setup-java@v1
- name: Set up JDK 11
id: jdk-11
uses: actions/setup-java@v4
with:
java-version: 1.8
java-version: 11
distribution: 'zulu'
- name: Build
id: build
run: |
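Review bot: `actions/checkout@v2` at the top of the steps is left on an old major while `setup-java` moves from v1 to v4 in the same hunk; the wrapper-validation workflow in this repository already uses `actions/checkout@v4`, so bump it here as well. Since this workflow builds the plugin, consider pinning both actions to full commit SHAs rather than movable major tags.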
2 changes: 1 addition & 1 deletion .github/workflows/gradle-wrapper-validation.yml
@@ -7,4 +7,4 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gradle/wrapper-validation-action@v1
- uses: gradle/wrapper-validation-action@v3
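Review bot: `gradle/wrapper-validation-action@v3` is referenced by a movable major tag, and this step is the integrity check for `gradle/wrapper/gradle-wrapper.jar`, which this same compare range replaces as a binary. Pin the action to a full commit SHA so that the check guarding the wrapper cannot change underneath the build without a reviewed diff.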
9 changes: 5 additions & 4 deletions .github/workflows/pull_requests.yml
@@ -9,11 +9,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
id: jdk-8
uses: actions/setup-java@v1
- name: Set up JDK 11
id: jdk-11
uses: actions/setup-java@v4
with:
java-version: 1.8
java-version: 11
distribution: 'zulu'
- name: Build
id: build
run: |
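Review bot: the step id changes from `jdk-8` to `jdk-11`, and the `run:` block that follows is not visible in this hunk, so confirm nothing later in the job still reads `steps.jdk-8`. A version-neutral id such as `jdk` would avoid another rename at the next Java bump. `actions/checkout@v2` is also left behind here while `setup-java` goes to v4.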
1 change: 1 addition & 0 deletions .java-version
@@ -0,0 +1 @@
11.0
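Review bot: the new `.java-version` records `11.0` while build.yml and pull_requests.yml each hard-code `java-version: 11`, which leaves three places to update on the next bump. `actions/setup-java` accepts `java-version-file: .java-version`, so the workflows could read this file instead of repeating the value.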
35 changes: 18 additions & 17 deletions README.md
@@ -5,6 +5,11 @@
The dependency-check gradle plugin allows projects to monitor dependent libraries for
known, published vulnerabilities.

## 11.0.0 Upgrade Notice
- The dependency-check-gradle plugin now requires Java 11 or higher.
- The dependency-check-gradle plugin will no longer be published to Maven Central; it
will continue to be published to the Gradle plugin portal.

## 9.0.0 Upgrade Notice

**Breaking Changes** are included in the 9.0.0 release. Please see the [9.0.0 Upgrade Notice](https://github.com/jeremylong/DependencyCheck#900-upgrade-notice)
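Review bot: the second bullet of the 11.0.0 notice says the plugin is no longer published to Maven Central but does not say what a build that still resolves it through `mavenCentral()` has to change. Such a build can only keep resolving the older releases already published there, so add a line telling users to switch to the `plugins {}` block or to the plugin portal repository. The new heading also lacks the blank line that follows `## 9.0.0 Upgrade Notice`.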
@@ -31,8 +36,7 @@ dependencies {

## Current Release

The latest version is
[![Maven Central](https://img.shields.io/maven-central/v/org.owasp/dependency-check-gradle.svg)](https://mvnrepository.com/artifact/org.owasp/dependency-check-gradle)
The latest version is 11.1.1.

## Usage

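Review bot: `The latest version is 11.1.1.` replaces a badge that updated itself with a literal that has to be edited by hand on every release, together with the version strings in the snippets further down. Dropping the Maven Central badge is consistent with the 11.0.0 notice; link the plugin's Gradle Plugin Portal page here instead so the README does not end up advertising a stale version.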
@@ -41,19 +45,12 @@ for more detailed information on configuration and usage.

### Step 1, Apply dependency check gradle plugin

Install from Maven central repo
Add the plugin to your build.gradle file:

```groovy
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'org.owasp:dependency-check-gradle:10.0.2'
}
plugins {
id "org.owasp.dependencycheck" version "11.1.1"
}
apply plugin: 'org.owasp.dependencycheck'
```

### Step 2, Run gradle task
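Review bot: the removed `Install from Maven central repo` line was the only statement of where the plugin is fetched from, and the new `plugins { ... }` snippet leaves that implicit. Add a sentence saying this form resolves from the Gradle Plugin Portal, so that teams who restrict or mirror repositories know which source to allow.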
@@ -83,10 +80,12 @@ Try put 'apply plugin: "dependency-check"' inside the 'allprojects' or 'subproje
```groovy
buildscript {
repositories {
mavenCentral()
maven {
url "https://plugins.gradle.org/m2/"
}
}
dependencies {
classpath 'org.owasp:dependency-check-gradle:10.0.2'
classpath "org.owasp:dependency-check-gradle:11.1.1"
}
}
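Review bot: the raw `url "https://plugins.gradle.org/m2/"` entry in `buildscript.repositories` can be written as `gradlePluginPortal()`, Gradle's built-in name for the same repository. That removes a hand-typed URL from a snippet users will copy into the part of the build that decides where executable build code is downloaded from.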
@@ -100,10 +99,12 @@ allprojects {
```groovy
buildscript {
repositories {
mavenCentral()
maven {
url "https://plugins.gradle.org/m2/"
}
}
dependencies {
classpath 'org.owasp:dependency-check-gradle:10.0.2'
classpath "org.owasp:dependency-check-gradle:11.1.1"
}
}
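Review bot: `mavenCentral()` is removed from `buildscript.repositories` rather than kept alongside the portal entry, so the plugin's own dependencies now have to resolve through `https://plugins.gradle.org/m2/` alone. Confirm that a clean build with an empty Gradle cache resolves with only this repository declared; if it does not, keep `mavenCentral()` as a second entry.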
@@ -132,7 +133,7 @@ subprojects {

```kotlin
plugins {
id("org.owasp.dependencycheck") version "10.0.2" apply false
id("org.owasp.dependencycheck") version "11.1.1" apply false
}

allprojects {
201 changes: 0 additions & 201 deletions build.gradle

This file was deleted.
