Podfiles support #1187
Comments
Dependency-Check supports CocoaPods and the Swift Package Manager. Are you using one of these package managers or are your dependencies part of the repo?
Cocoa yes, Swift Package Manager no, dependencies part of the repo probably not.
One way to check would be to specify a dependency on a pod that has known vulnerabilities. Try temporarily adding https://cocoapods.org/?q=openssl to test. All versions of this pod are vulnerable and no versions of the pod are available that are not vulnerable. Dependency-Check should find this issue. Please report back if you could.
I believe I'm having a similar issue. I tried adding openssl to my project and it did not come up in the list of dependencies.
@stevespringett the OpenSSL-OSX doesn't seem to be compatible with the iOS platform
@ndurell Correct - atm ODC does not support @Kollerb04 does your application have
@jeremylong yes it uses podfiles
I am going to convert this to an enhancement request to support podfiles.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
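To make concrete what a Podfile analyzer would have to extract (and what the test suggested earlier in the thread, adding the vulnerable OpenSSL pod, should surface), here is an added example of a minimal Podfile dependency extractor. It is not Dependency-Check's own code and ODC does not contain it; the Podfile text is constructed for the example, and the `PodDependency` type, the regular expressions and `declares_pod` are hypothetical names chosen here. A Podfile is a Ruby DSL, so this deliberately uses line-based matching of literal `pod` declarations rather than evaluating the file: a scanner should not execute the build script it is inspecting.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample Podfile for this example (not taken from the issue).
# It includes the OpenSSL pod suggested in the thread as a detection test.
SAMPLE_PODFILE = """\
platform :ios, '10.0'
use_frameworks!

target 'MyApp' do
  pod 'OpenSSL', '~> 1.0'          # known-vulnerable test pod from the thread
  pod "AFNetworking", "3.2.1"
  pod 'Alamofire'                  # no version requirement given
  pod 'MyLocalPod', :path => '../MyLocalPod'
  # pod 'Commented', '1.0'         # commented out, must be ignored
  target 'MyAppTests' do
    inherit! :search_paths
    pod 'Quick', '~> 1.3'
  end
end

post_install do |installer|
  puts 'pods installed'
end
"""


@dataclass
class PodDependency:
    """One pod declaration: name, optional version requirement, enclosing targets."""
    name: str
    requirement: Optional[str]   # e.g. '~> 1.0'; None when no version string follows
    targets: List[str]           # enclosing target names, outermost first


# pod 'Name' or pod "Name", optionally followed by a quoted version requirement.
# A non-quoted second argument (e.g. :path => '...') leaves the requirement unset.
POD_RE = re.compile(r"""^\s*pod\s+['"]([^'"]+)['"]\s*(?:,\s*['"]([^'"]+)['"])?""")
TARGET_RE = re.compile(r"""^\s*target\s+['"]([^'"]+)['"]\s+do\b""")
# Any other Ruby block opener ("post_install do |installer|") so its 'end'
# does not pop a target by mistake.
BLOCK_OPEN_RE = re.compile(r"\bdo\s*(\|[^|]*\|)?\s*$")
END_RE = re.compile(r"^\s*end\b")


def parse_podfile(text: str) -> List[PodDependency]:
    """Extract literal pod declarations without executing the Ruby DSL."""
    deps: List[PodDependency] = []
    # Stack of open blocks: a target name, or None for a non-target block.
    stack: List[Optional[str]] = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0]   # drop Ruby comments (simplification: no '#' inside strings)
        if not line.strip():
            continue
        m = TARGET_RE.match(line)
        if m:
            stack.append(m.group(1))
            continue
        if BLOCK_OPEN_RE.search(line):
            stack.append(None)
            continue
        if END_RE.match(line):
            if stack:
                stack.pop()
            continue
        m = POD_RE.match(line)
        if m:
            targets = [t for t in stack if t is not None]
            deps.append(PodDependency(m.group(1), m.group(2), targets))
    return deps


def declares_pod(deps: List[PodDependency], name: str) -> bool:
    """Case-insensitive check used here to confirm the OpenSSL test pod is picked up."""
    return any(d.name.lower() == name.lower() for d in deps)


if __name__ == "__main__":
    for d in parse_podfile(SAMPLE_PODFILE):
        print(f"{d.name:15} {d.requirement or '(any)':10} targets={d.targets}")
```

Running it on the sample lists five pods; the commented-out declaration is skipped, the `:path` pod has no version requirement, and `Quick` is attributed to both the outer and the inner target. A real analyzer would feed these name/version pairs into CPE or package-URL matching, which is the step the thread's 0-warning scan never reached because the Podfile was not parsed at all.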
I'm running the Jenkins plugin analyzer and publisher version 3.1.2 for an iOS project. It takes a couple of minutes to run:
dependencyCheckAnalyzer datadir: '', hintsFile: '', includeCsvReports: false, includeHtmlReports: true, includeJsonReports: false, includeVulnReports: true, isAutoupdateDisabled: false, outdir: '', scanpath: '', skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: ''
dependencyCheckPublisher canComputeNew: false, defaultEncoding: '', healthy: '', pattern: '', unHealthy: ''
It produces a dependency-check-data folder with dc.h2.db of approx. 320 MB in size and a dependency-check-report.xml. It also updates the Jenkins job summary page saying that 0 warnings were found.
The output of the jenkins job is:
[DependencyCheck] OWASP Dependency-Check Plugin v3.1.2
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck] -name = myjob
[DependencyCheck] -scanPath = /mypath/
[DependencyCheck] -outputDirectory = /mypath/
[DependencyCheck] -dataDirectory = /mypath//dependency-check-data
[DependencyCheck] -dataMirroringType = none
[DependencyCheck] -isQuickQueryTimestampEnabled = true
[DependencyCheck] -jarAnalyzerEnabled = true
[DependencyCheck] -nodePackageAnalyzerEnabled = true
[DependencyCheck] -nspAnalyzerEnabled = true
[DependencyCheck] -composerLockAnalyzerEnabled = true
[DependencyCheck] -pythonDistributionAnalyzerEnabled = true
[DependencyCheck] -pythonPackageAnalyzerEnabled = true
[DependencyCheck] -rubyBundlerAuditAnalyzerEnabled = false
[DependencyCheck] -rubyGemAnalyzerEnabled = true
[DependencyCheck] -cocoaPodsAnalyzerEnabled = true
[DependencyCheck] -swiftPackageManagerAnalyzerEnabled = true
[DependencyCheck] -archiveAnalyzerEnabled = true
[DependencyCheck] -assemblyAnalyzerEnabled = true
[DependencyCheck] -centralAnalyzerEnabled = true
[DependencyCheck] -nuspecAnalyzerEnabled = true
[DependencyCheck] -nexusAnalyzerEnabled = false
[DependencyCheck] -autoconfAnalyzerEnabled = true
[DependencyCheck] -cmakeAnalyzerEnabled = true
[DependencyCheck] -opensslAnalyzerEnabled = true
[DependencyCheck] -showEvidence = true
[DependencyCheck] -formats = XML HTML VULN
[DependencyCheck] -autoUpdate = true
[DependencyCheck] -updateOnly = false
[DependencyCheck] Scanning: /mypath/
[DependencyCheck] Analyzing Dependencies
[Pipeline] dependencyCheckPublisher
[DependencyCheck] Collecting Dependency-Check analysis files...
[DependencyCheck] Searching for all files in /mypath/ that match the pattern **/dependency-check-report.xml
[DependencyCheck] Parsing 1 file in /mypath/
[DependencyCheck] Successfully parsed file /mypath//dependency-check-report.xml with 0 unique warnings and 0 duplicates.
That output takes around 3.30 minutes to finish.
Why is that happening? I find it unbelievable that it didn't find at least one warning.