burakince / cake.dependencycheck

OWASP DependencyCheck Cake Package

Home Page: https://cakebuild.net/dsl/dependencycheck/

License: MIT License

C# 74.17% PowerShell 18.07% Shell 7.76%
owasp dependencycheck dependency-checker dependency-check cake-build cake security appsec

cake.dependencycheck's Issues

Example code shows warning

When using a path like this (as shown in the example):

Verifying dependencies for security vulnerabilities in './src/*'
[WARN] Possibly incorrect path './src/*' from argument 'scan' because it ends with a slash star; dependency-check uses ant-style paths

Update needed for newer Cake version

What version of Cake are you using?

Version 0.30.0+Branch.main.Sha.cab58db40b02346e562531be27fcaa5ea51a3312

Are you running on a 32 or 64 bit system?

64 bit

What framework version are you using? Mono 5.8? .NetCore 2.0? .Net 4.5? .Net 4.6? .Net 4.7?

.NetCore 2.0

What environment are you running on? Windows? Linux? Mac?

Windows 10

Are you running on a CI Server? If so, which one?

How Did You Get This To Happen? (Steps to Reproduce)

With the following code in a Task, I could not run DependencyCheck without suppressing the Cake version verification.

DependencyCheck(new DependencyCheckSettings
{
    Project = "TestCenter",
    Scan = "../src",
    Format = "HTML",
    ProxyServer = parameters.ProxyServer,
    ProxyPort = parameters.ProxyPort,
    // NOT SUPPORTED IN THIS VERSION
    DisableNodeJS = true,
    DisableNSP = true,
    DisableNuspec = false
});

Output Log

Error: The assembly 'Cake.DependencyCheck, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'
is referencing an older version of Cake.Core (0.22.0).
This assembly must reference at least Cake.Core version 0.26.0.
Another option is to downgrade Cake to an earlier version.
It's not recommended, but you can explicitly opt out of assembly verification
by configuring the Skip Verification setting to true
(i.e. command line parameter "--settings_skipverification=true",
environment variable "CAKE_SETTINGS_SKIPVERIFICATION=true",
read more about configuration at https://cakebuild.net/docs/fundamentals/configuration)

Recommended changes resulting from automated audit

We performed an automated audit of your Cake addin and found that it does not follow all the best practices.

We encourage you to make the following modifications:

  • You are currently referencing Cake.Core 0.21.1. Please upgrade to 0.28.0
  • You are currently referencing Cake.Common 0.21.1. Please upgrade to 0.28.0
  • The Cake.Core reference should be private. Specifically, your addin's .csproj should have a line similar to this: <PackageReference Include="Cake.Core" Version="0.28.0" PrivateAssets="All" />
  • Your addin should target netstandard2.0. Please note that there is no need to multi-target, netstandard2.0 is sufficient.

Apologies if this is already being worked on, or if there are existing open issues; this issue was created based on what is currently published for this package on NuGet.org and in the project on GitHub.

Add cake-contrib user

First of all, I wanted to thank you for adding to the Cake community by adding this addin.

I was just wondering if you had seen this blog post:

http://cakebuild.net/blog/2016/08/cake-contribution-organization

We are currently going through a process of increasing the visibility of addins, and also trying to ensure their long term maintainability.

To that end, we are asking addin creators to add the cake-contrib user on NuGet as a co-owner (this can be done through the NuGet website by clicking on Manage Owners on the package page).

Would you be interested in doing this? If you have any questions about this, please let me know. There was some initial concern that the Cake Team were trying to "take over" packages, and that couldn't be further from the truth, and if you have this concern, or others, I would like to address them.

Thanks!

Error occurred

When embedding this Cake plugin, I receive the following error...

========================================
Dependency-Check

An error occurred when executing task 'Dependency-Check'.
Error: One or more errors occurred.
Could not load file or assembly 'System.Reflection.TypeExtensions, Version=4.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of
its dependencies. The system cannot find the file specified.
