I installed OWASP Dependency checker and works fine with host agent. But I found issue on self build server and agent.
I thought last vesion is typescript/nodejs but it still needs java JRE installation? Please confirm.
==============================================================================
Task : OWASP Dependency Check
Description : Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies.
Version : 6.1.1
Author : Dependency Check
Help : More Information
Starting Dependency Check...
Setting report directory to D:\w2\63\TestResults\dependency-check
Creating report directory at D:\w2\63\TestResults\dependency-check
Downloading Dependency Check latest installer from GitHub..
Downloading ZIP from "https://github.com/jeremylong/DependencyCheck/releases/download/v8.1.0/dependency-check-8.1.0-release.zip"...
Dependency Check script set to D:\w2_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\6.1.1\dependency-check\bin\dependency-check.bat
Invoking Dependency Check...
Path: D:\w2_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\6.1.1\dependency-check\bin\dependency-check.bat
Arguments: --project "VTSOnline" --out "D:\w2\63\TestResults\dependency-check" --scan "D:\" --format HTML --format JUNIT --failOnCVSS 1
C:\Windows\system32\cmd.exe /D /S /C "D:\w2_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\6.1.1\dependency-check\bin\dependency-check.bat --version"
'java' is not recognized as an internal or external command,
operable program or batch file.
Yes, the Java JRE is needed, because the Azure DevOps extension just utilizes the OWASP Dependency Check CLI.
The extension itself is written in TypeScript.
Hi,
I installed OWASP Dependency checker and works fine with host agent. But I found issue on self build server and agent. I thought last vesion is typescript/nodejs but it still needs java JRE installation? Please confirm.
============================================================================== Task : OWASP Dependency Check Description : Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. Version : 6.1.1 Author : Dependency Check Help : More Information
Starting Dependency Check... Setting report directory to D:\w2\63\TestResults\dependency-check Creating report directory at D:\w2\63\TestResults\dependency-check Downloading Dependency Check latest installer from GitHub.. Downloading ZIP from "https://github.com/jeremylong/DependencyCheck/releases/download/v8.1.0/dependency-check-8.1.0-release.zip"... Dependency Check script set to D:\w2_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\6.1.1\dependency-check\bin\dependency-check.bat Invoking Dependency Check... Path: D:\w2_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\6.1.1\dependency-check\bin\dependency-check.bat Arguments: --project "VTSOnline" --out "D:\w2\63\TestResults\dependency-check" --scan "D:\" --format HTML --format JUNIT --failOnCVSS 1 C:\Windows\system32\cmd.exe /D /S /C "D:\w2_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\6.1.1\dependency-check\bin\dependency-check.bat --version" 'java' is not recognized as an internal or external command, operable program or batch file.