[Owasp-leaders] OWASP dependency-check 2.0.0 released!

Jeremy Long jeremy.long at owasp.org
Tue Jul 4 10:57:36 UTC 2017


The OWASP dependency-check team is pleased to announce the release of
version 2.0.0! Please visit the documentation site
<http://jeremylong.github.io/DependencyCheck/> for information on obtaining
the new version (CLI
<http://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html>
, Maven Plugin
<http://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html>
, Ant Task
<http://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html>
, Gradle Plugin
<http://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html>
, Jenkins Plugin
<https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin>,
and SBT Plugin <https://github.com/albuch/sbt-dependency-check>).

Special thanks to everyone that submitted a Pull Request!

Release Notes
-------------------
In addition to general bug fixes and false positive reductions the
following enhancements were made:

   - Support for multiple suppression files
      - The suppression notes are also added to the generated report
   - Expanded the Maven plugins capability to exclude scopes (added
   `system`) and an option to exclude dependency types
   - Add an NSP analyzer to enhance analysis of Node.js.
   - Add new report formats: CSV and JSON
   - Dependencies that were found in Central or a local Nexus are now
   marked with a green check in the HTML report.

Enhancements specific to the Jenkins plugin include:

   - Updated analysis-core to v1.86
   - Added support for Node Security Platform
   - Added Jenkins Pipeline support to all builders
   - Added finer control over optional HTML, JSON, and CSV reports to
   generate
   - Added ability to publish Dependency-Check results to Dependency-Track
   v3
   - Enhancements to user interface
   - Fixed bug that prevented updateOnly builder from using external
   database
   - Fixed bug that failed to mask password when using external database

Best Regards,

The OWASP dependency-check team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170704/6e10222d/attachment.html>


More information about the OWASP-Leaders mailing list