dependency-check-plugin | Jenkins plugin for OWASP Dependency | Plugin library

by jenkinsci Java Version: dependency-check-jenkins-plugin-5.4.0 License: Apache-2.0

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | dependency-check-plugin Summary

dependency-check-plugin is a Java library typically used in Plugin, Jenkin applications. dependency-check-plugin has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. However dependency-check-plugin has 2 bugs. You can download it from GitHub.

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Support

Quality

Security

License

Reuse

Support

dependency-check-plugin has a low active ecosystem.

It has 120 star(s) with 68 fork(s). There are 120 watchers for this library.

It had no major release in the last 12 months.

dependency-check-plugin has no issues reported. There are 1 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of dependency-check-plugin is dependency-check-jenkins-plugin-5.4.0

Quality

dependency-check-plugin has 2 bugs (0 blocker, 0 critical, 1 major, 1 minor) and 73 code smells.

Security

dependency-check-plugin has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

dependency-check-plugin code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

dependency-check-plugin is licensed under the Apache-2.0 License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

dependency-check-plugin releases are available to install and integrate.

Build file is available. You can build the component from source.

dependency-check-plugin saves you 21268 person hours of effort in developing the same functionality from scratch.

It has 78069 lines of code, 224 functions and 47 files.

It has medium code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed dependency-check-plugin and discovered the below as its top functions. This is intended to give you an instant insight into dependency-check-plugin implemented functionality, and help decide if they suit your requirements.

Process the build steps
Parses the XML report
Replies the distribution distribution for the previous build
Increments the given severity
Evaluates whether or not the given thresholds are met
Normalizes the severity
Gets the thresholds
Process the specified artifact
Converts dependency - check structure to findings list
Executes the build
Helper method to build arguments list
Determine if this build should be skipped or not
Perform the installation
Download the local cache
Check if the trend chart is visible
Creates a vulnerability object from attributes
Retrieves the trend of the issues
Run the workflow

Get all kandi verified functions for this library.

dependency-check-plugin Key Features

No Key Features are available at this moment for dependency-check-plugin.

dependency-check-plugin Examples and Code Snippets

No Code Snippets are available at this moment for dependency-check-plugin.

Community Discussions

Trending Discussions on dependency-check-plugin

Does SonarQube need extra config/plugins to understand jacoco reports

QUESTION

Does SonarQube need extra config/plugins to understand jacoco reports

Asked 2019-Oct-17 at 19:15

I am using SonarQube Version 6.7.3 (build 38370) and my coverage report is not working (always showing 0%). I verified that after running ./mvnw clean verify install sonar:sonar -Dsonar.host.url=... the jacoco.xml file is created under the default expected location for the sonar-maven-plugin. The report is correctly showing 66% code coverage.

I see that my SonarQube's helm chart was installed with

...

ANSWER

Answered 2019-Oct-17 at 19:15

Yes - import of JaCoCo XML report requires a SonarQube JaCoCo Plugin.

Page about plugin that you cite contains not only

provided by default with SonarQube 7.4+

but also

JaCoCo 1.0.2 – Jun 28, 2019 – SonarQube 6.7+ (Compatible with LTS)

meaning that plugin is compatible with SonarQube versions starting from 6.7 and pre-installed starting from version 7.4.

https://docs.sonarqube.org/6.7/InstallingaPlugin.html describes how to install plugins:

Source https://stackoverflow.com/questions/58435743

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install dependency-check-plugin

You can download it from GitHub.
You can use dependency-check-plugin like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the dependency-check-plugin component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: