burakince / cake.dependencycheck
OWASP DependencyCheck Cake Package
Home Page: https://cakebuild.net/dsl/dependencycheck/
License: MIT License
When using a path like this (as shown in the example):
Verifying dependencies for security vulnerabilities in './src/*'
[WARN] Possibly incorrect path './src/*' from argument 'scan' because it ends with a slash star; dependency-check uses ant-style paths
It would be nice if this addin could provide an Issue Provider for the Cake.Issues addin.
By doing this it could be used together with the other Cake.Issues addins, which for example provide reports or the possibility to report issues as comments to pull requests.
Version 0.30.0+Branch.main.Sha.cab58db40b02346e562531be27fcaa5ea51a3312
64 bit
.NetCore 2.0
Windows 10
With the following code in Task I could not run DependencyCheck without suppressing the cake version verification.
DependencyCheck(new DependencyCheckSettings
{
    Project = "TestCenter",
    Scan = "../src",
    Format = "HTML",
    ProxyServer = parameters.ProxyServer,
    ProxyPort = parameters.ProxyPort,
    // NOT SUPPORTED IN THIS VERSION
    DisableNodeJS = true,
    DisableNSP = true,
    DisableNuspec = false
});
Error: The assembly 'Cake.DependencyCheck, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'
is referencing an older version of Cake.Core (0.22.0).
This assembly must reference at least Cake.Core version 0.26.0.
Another option is to downgrade Cake to an earlier version.
It's not recommended, but you can explicitly opt out of assembly verification
by configuring the Skip Verification setting to true
(i.e. command line parameter "--settings_skipverification=true",
environment variable "CAKE_SETTINGS_SKIPVERIFICATION=true",
read more about configuration at https://cakebuild.net/docs/fundamentals/configuration)
We performed an automated audit of your Cake addin and found that it does not follow all the best practices.
We encourage you to make the following modifications:
.csproj
should have a line similar to this: <PackageReference Include="Cake.Core" Version="0.28.0" PrivateAssets="All" />
Apologies if this is already being worked on, or if there are existing open issues; this issue was created based on what is currently published for this package on NuGet.org and in the project on GitHub.
First of all, I wanted to thank you for adding to the Cake community by adding this addin.
I was just wondering if you had seen this blog post:
http://cakebuild.net/blog/2016/08/cake-contribution-organization
We are currently going through a process of increasing the visibility of addins, and also trying to ensure their long-term maintainability.
To that end, we are asking addin creators to add the cake-contrib user on NuGet as a co-owner (this can be done through the NuGet website by clicking on Manage Owners on the package page).
Would you be interested in doing this? If you have any questions about this, please let me know. There was some initial concern that the Cake Team were trying to "take over" packages, and that couldn't be further from the truth, and if you have this concern, or others, I would like to address them.
Thanks!
When embedding this Cake plugin, I receive the following error...
An error occurred when executing task 'Dependency-Check'.
Error: One or more errors occurred.
Could not load file or assembly 'System.Reflection.TypeExtensions, Version=4.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of
its dependencies. The system cannot find the file specified.