Skip to content

Releases: dependency-check/azuredevops

v6.2.3

10 Apr 14:33
@pippolino pippolino
6.2.3
6dc8fe4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.2.3 Latest
Latest

What's Changed

  • hotfix data folder location #158
  • hotfix not dependency check installer #161
Assets 3
Loading

v6.2.1

10 Apr 09:00
@pippolino pippolino
6.2.1
7db2124
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.2.1

What's Changed

Full Changelog: 6.2.0...6.2.1

Contributors

pippolino
Assets 3
Loading

v6.2.0

07 Apr 08:11
@pippolino pippolino
6.2.0
e9619bd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.2.0

What's Changed

  • Add Azure DevOps pipeline yaml code by @pippolino in #155
  • Add support to Node10 and Node16 #91
  • Merged changes from #93
  • Publishing sarif reports to codeAnalysisLogs #103
  • Add NVD API Key as a Task parameter #146
  • Mask sensistive parameters on log #146

New Contributors

Full Changelog: 6.1.3...6.2.0

Contributors

pippolino
Assets 3
Loading

v6.1.3

15 Dec 08:56
@Saturate Saturate
6.1.3
9f98209
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.1.3

What's Changed

  • Allow for custom JAVA_OPTS Environment Variable by @Saturate in #145

New Contributors

Full Changelog: 6.1.1...6.1.3

Contributors

Saturate
Assets 2
Loading

v6.1.1

19 Jan 03:22
@ejohn20 ejohn20
6.1.1
c4e46d0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.1.1

What's Changed

  • Support multiple paths for parameter scanPath by @HaGGi13 in #107
  • Bump path-parse from 1.0.6 to 1.0.7 in /src/Tasks/dependency-check-build-task by @dependabot in #88
  • Bump i from 0.3.6 to 0.3.7 by @dependabot in #89
  • Match new CVSS score failure exit code on Dependency-Check v8 or higher by @guidojw in #116
  • v6.1 by @ejohn20 in #118

New Contributors

Full Changelog: 6.0.4...6.1.1

Contributors

HaGGi13, ejohn20, and 2 other contributors
Assets 2
Loading

v6.0.4

18 May 14:40
@ejohn20 ejohn20
6.0.4
ec3d0e5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.0.4

Minor update with:

  • reportFileName parameter for controlling generated report name
  • Mac OS agent support
  • Dependabot package updates.
  • Retry on failed downloads of installer package
  • Set the return code to the proper value
  • Options for fail on cvss warning
  • Additional logging and debugging

Details: #82

Assets 2
Loading

v6.0.0

14 Mar 15:12
@ejohn20 ejohn20
6.0.0
828531d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.0.0

Conversion from PowerShell to TypeScript extension for cross-platform build agent support (Windows, Linux)

Assets 2
Loading

v5.6.0

29 Sep 16:15
@ejohn20 ejohn20
5.6.0
17bfac3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v5.6.0

Hotfix release addresses several issues related to downloading the dependency check installer on the fly. Also includes additional configuration options for supporting on-prem build agents.

  • Issue #47: Convert installer download from bintray to github release endpoint for the auto-install on cloud-hosted agents.

  • Issue #45: Option to specify a local installer location and override the auto-install download on cloud-hosted agents.

  • Issue #42: Option to override the default report output location.

  • Issue #49: Option to specify the dependency check version for the auto-install download on cloud-hosted agents.

PR #50

Assets 2
Loading

v5.3.2

15 Apr 19:29
@ejohn20 ejohn20
5.3.2
044b73b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v5.3.2

  • Issue #22: Updated Dependency Check installer to version 5.3.2

  • Issue #27: Modified extension to install the Dependency Check package during execution to reduce the extension's file size. This eliminates the headaches of on-prem folks increasing the default max file size 20MB value.

  • Issue #28: The costs associated with hosting the cached data files has become too large to manage this going forward. This updated added two new optional fields (https end points) for consumers to host their own cached data files. If empty, the dependency check scan will simply load the database before running the scan. See the Data Cache for an example of how to build these database files on a nightly basis and host them in your own CloudFront Distribution.

Assets 2
Loading

v5.2.1.2

01 Sep 14:53
@ejohn20 ejohn20
5.2.1.2
c403c0f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v5.2.1.2

Bug Fixes

  • Require TLS1.2 connections to vulnerability db cache files to fixed an error in hardened PowerShell environments.

  • Set default report format to HTML instead of html, which threw an error.

Assets 3
Loading