[Owasp-leaders] OWASP dependency-check 2.0.0 released!
jeremy.long at owasp.org
Tue Jul 4 10:57:36 UTC 2017
The OWASP dependency-check team is pleased to announce the release of
version 2.0.0! Please visit the documentation site
<http://jeremylong.github.io/DependencyCheck/> for information on obtaining
the new version (CLI
, Maven Plugin
, Ant Task
, Gradle Plugin
, Jenkins Plugin
and SBT Plugin <https://github.com/albuch/sbt-dependency-check>).
Special thanks to everyone that submitted a Pull Request!
In addition to general bug fixes and false positive reductions the
following enhancements were made:
- Support for multiple suppression files
- The suppression notes are also added to the generated report
- Expanded the Maven plugins capability to exclude scopes (added
`system`) and an option to exclude dependency types
- Add an NSP analyzer to enhance analysis of Node.js.
- Add new report formats: CSV and JSON
- Dependencies that were found in Central or a local Nexus are now
marked with a green check in the HTML report.
Enhancements specific to the Jenkins plugin include:
- Updated analysis-core to v1.86
- Added support for Node Security Platform
- Added Jenkins Pipeline support to all builders
- Added finer control over optional HTML, JSON, and CSV reports to
- Added ability to publish Dependency-Check results to Dependency-Track
- Enhancements to user interface
- Fixed bug that prevented updateOnly builder from using external
- Fixed bug that failed to mask password when using external database
The OWASP dependency-check team
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders