[Owasp-leaders] OWASP dependency-check 2.0.0 released!

Matt Konda matt.konda at owasp.org
Wed Jul 5 12:26:05 UTC 2017


Awesome work, Jeremy and team!

We use dependency-check in Glue and recommend it for clients.  Great to see
continued progress and improvements!

Matt




On Tue, Jul 4, 2017 at 5:57 AM, Jeremy Long <jeremy.long at owasp.org> wrote:

> The OWASP dependency-check team is pleased to announce the release of
> version 2.0.0! Please visit the documentation site
> <http://jeremylong.github.io/DependencyCheck/> for information on
> obtaining the new version (CLI
> <http://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html>
> , Maven Plugin
> <http://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html>
> , Ant Task
> <http://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html>
> , Gradle Plugin
> <http://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html>
> , Jenkins Plugin
> <https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin>,
> and SBT Plugin <https://github.com/albuch/sbt-dependency-check>).
>
> Special thanks to everyone that submitted a Pull Request!
>
> Release Notes
> -------------------
> In addition to general bug fixes and false positive reductions the
> following enhancements were made:
>
>    - Support for multiple suppression files
>       - The suppression notes are also added to the generated report
>    - Expanded the Maven plugins capability to exclude scopes (added
>    `system`) and an option to exclude dependency types
>    - Add an NSP analyzer to enhance analysis of Node.js.
>    - Add new report formats: CSV and JSON
>    - Dependencies that were found in Central or a local Nexus are now
>    marked with a green check in the HTML report.
>
> Enhancements specific to the Jenkins plugin include:
>
>    - Updated analysis-core to v1.86
>    - Added support for Node Security Platform
>    - Added Jenkins Pipeline support to all builders
>    - Added finer control over optional HTML, JSON, and CSV reports to
>    generate
>    - Added ability to publish Dependency-Check results to
>    Dependency-Track v3
>    - Enhancements to user interface
>    - Fixed bug that prevented updateOnly builder from using external
>    database
>    - Fixed bug that failed to mask password when using external database
>
> Best Regards,
>
> The OWASP dependency-check team
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170705/bee2d142/attachment.html>


More information about the OWASP-Leaders mailing list