Skip to content

dependency-check/dependency-check-gradle

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 100 tags
Code

Latest commit

@jeremylong
jeremylong docs: fix badge (#353)
0b3b62b Aug 19, 2023
docs: fix badge (#353)
0b3b62b

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
fix: archive test reports
January 27, 2023 05:49
gradle/wrapper
fix: resolve build failures
June 22, 2023 06:38
src
fix: remove transient modifier (#347)
August 19, 2023 09:41
.gitignore
add empty properties for CI
October 14, 2021 07:29
LICENSE.txt
Add license information and modify the legalese
May 25, 2015 12:23
NOTICE.txt
Add license information and modify the legalese
May 25, 2015 12:23
README.md
docs: fix badge
August 19, 2023 10:15
build.gradle
build: release 8.4.0
August 19, 2023 10:01
gradle.properties
add empty properties for CI
October 14, 2021 07:29
gradlew
upgrade to gradle wrapper to 6.1.1
April 12, 2020 07:09
gradlew.bat
upgrade to gradle wrapper to 6.1.1
April 12, 2020 07:09
settings.gradle
updated to be feature complete with 1.3.2-SNAPSHOT
November 11, 2015 18:44
Dependency-Check-Gradle Current Release Usage Step 1, Apply dependency check gradle plugin Step 2, Run gradle task FAQ What if my project includes multiple sub-project? How can I use this plugin for each of them including the root project? How to customize the report directory? How do I use the plugin with Gradle Kotlin DSL?

README.md

Dependency-Check-Gradle

Build

The dependency-check gradle plugin allows projects to monitor dependent libraries for known, published vulnerabilities.

Current Release

The latest version is Maven Central

Usage

Below are the quick start instructions. Please see the documentation site for more detailed information on configuration and usage.

Step 1, Apply dependency check gradle plugin

Install from Maven central repo

buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'org.owasp:dependency-check-gradle:8.4.0'
    }
}

apply plugin: 'org.owasp.dependencycheck'

Step 2, Run gradle task

Once gradle plugin applied, run following gradle task to check dependencies:

gradle dependencyCheckAnalyze --info

The reports will be generated automatically under build/reports directory.

If your project includes multiple sub-projects, the report will be generated for each sub-project in their own build/reports.

FAQ

Questions List:

  • What if my project includes multiple sub-project? How can I use this plugin for each of them including the root project?
  • How to customize the report directory?

What if my project includes multiple sub-project? How can I use this plugin for each of them including the root project?

Try put 'apply plugin: "dependency-check"' inside the 'allprojects' or 'subprojects' if you'd like to check all sub-projects only, see below:

(1) For all projects including root project:

buildscript {
  repositories {
    mavenCentral()
  }
  dependencies {
    classpath 'org.owasp:dependency-check-gradle:8.4.0'
  }
}

allprojects {
    apply plugin: 'org.owasp.dependencycheck'
}

(2) For all sub-projects:

buildscript {
  repositories {
    mavenCentral()
  }
  dependencies {
    classpath 'org.owasp:dependency-check-gradle:8.4.0'
  }
}

subprojects {
    apply plugin: 'org.owasp.dependencycheck'
}

In this way, the dependency check will be executed for all projects (including root project) or just sub projects.

How to customize the report directory?

By default, all reports will be placed under build/reports folder, to change the default reporting folder name modify the configuration section like this:

subprojects {
    apply plugin: 'org.owasp.dependencycheck'

    dependencyCheck {
        outputDirectory = "$buildDir/security-report"
    }
}

How do I use the plugin with Gradle Kotlin DSL?

plugins {
    id("org.owasp.dependencycheck") version "8.4.0" apply false 
}

allprojects {
    apply(plugin = "org.owasp.dependencycheck")
}

configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
    format = org.owasp.dependencycheck.reporting.ReportGenerator.Format.ALL.toString()
}

About

The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.

jeremylong.github.io/DependencyCheck/

Topics

security-audit

Resources

Readme

License

Apache-2.0 license
Activity

Stars

318 stars

Watchers

11 watching

Forks

84 forks
Report repository

Releases 7

v8.4.0 Latest
Aug 19, 2023
+ 6 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 37

+ 26 contributors

Languages