Releases: jeremylong/DependencyCheck
Releases · jeremylong/DependencyCheck
Version 8.0.0
Added
- Utilize the hosted suppression file to allow for faster remediation of reported False Positives (#4723).
- Include the CISA Known Exploited Vulnerability Catalog (#4878).
- The
gradle
andmaven
plugins now have the capability to scan the build plugins (#4035). - The
gradle
andmaven
plugins, for transitive dependencies, will report the root dependency in the project that included the transitive dependency (#5001). - Added
properties.security-severity
to SARIF report for better integration with GitHub Security Code scanning (#5277). - Allow for HTTP auth settings for Retire JS respository (#5209).
- New schema for the XML report was added to support some of the above additions (#5296).
- Added missing gradle option to only warn on remote errors from the OSS Index Analyzer (gradle #303).
Changed
- Breaking: the database schema updated - if using an external database the update scripts must be run!
- The exit codes from the CLI have been changed to be in the range from 0-255 (#4511.
- The OSS Index Analyzer will automatically disable itself if a transport error occurs - preventing copious errors from being reported (#5300).
Fixed
- Added an additional check for rejected CVEs to reduce FP (#5268).
- Corrected the analysis of
node_modules
to prevent NPEs (#5266). - Fixed error when scanning node packages with local dependencies (#5235).
- Fixed NPE in the MSBuild Analyzer (#5293).
- Several False Positives have been resolved.
See the full listing of changes.
Version 7.4.4
Version 7.4.3
Version 7.4.2
Fixed
- Fixes maven 3.1 compatibility issue (#5152)
- Fixed issue with invalid
node_module
paths in some scans (#5135) - Fixed missing option to disable the Poetry Analyzer in the CLI (#5160)
- Fixed missing option to configure the OSS Index URL in the CLI (#5180)
- Fixed NPE when analyzing version ranges in NPM (#5158)
- Fixed issue with non-proxy host in the gradle plugin (dependency-check/dependency-check-gradle#298)
- Resolved several FP
See the full listing of changes.
Version 7.4.1
Version 7.4.0
Added
- Add support for npm package lock v2 and v3 (#5078)
- Added experimental support for Python Poetry (#5025)
- Added a vanilla HTML report for use in Jenkins (#5053)
Changed
- Renamed
RELEASE_NOTES.md
toCHANGELOG.md
to be more conventional - Optimized checksum calculation to improve performance (#5112)
- Added support for scanning .NET assemblies when only the dotnet runtime is installed (#5087)
- Bumped several dependencies
Fixed
- Fixed bug when setting the proxy port (#5076)
- Resolved several FP and FN
See the full listing of changes.