dependency-check / azuredevops

Dependency Check Azure DevOps Extension
Apache License 2.0

Update Download Links - New Version of ODC #47

Closed jeremylong closed 4 years ago

jeremylong commented 4 years ago

I know this should be a PR... A new version of ODC was released. In addition, we would prefer users to download the CLI from the GitHub release rather than bintray due to bandwidth restrictions.

Please update:

https://github.com/dependency-check/azuredevops/blob/7580de253ae592e894d8fb8bb7bc97bc77887839/build/data-cache/data-cache.sh#L9

To point to the GitHub release to avoid capacity issues at bintray:

curl -sLo ./dependency-check-$VERSION-release.zip "https://github.com/jeremylong/DependencyCheck/releases/download/v$VERSION/dependency-check-$VERSION-release.zip"

Additionally, update: https://github.com/dependency-check/azuredevops/blob/360d647327c719d592888a15f0ba25b204fe3d96/src/Tasks/dependency-check-build-task/dependency-check-build-task.ps1#L119-L120

To:

Invoke-WebRequest "https://github.com/jeremylong/DependencyCheck/releases/download/v6.0.2/dependency-check-6.0.2-release.zip" -OutFile "dependency-check-6.0.2-release.zip" 
Expand-Archive -Path dependency-check-6.0.2-release.zip -DestinationPath . -Force
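
An added example (not code from this repository or from the issue author): the curl command quoted above uses `-sLo` without `-f`, so an HTTP error such as the 403 reported in this thread is written to the `.zip` path instead of failing the script. The function names below are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not the project's own.

# Build the GitHub release URL quoted in the issue for a given ODC version.
release_url() {
  local version="$1"
  printf 'https://github.com/jeremylong/DependencyCheck/releases/download/v%s/dependency-check-%s-release.zip' \
    "$version" "$version"
}

# Return 0 only if the file starts with the ZIP local-file-header magic "PK\x03\x04".
# An HTML error page saved under a .zip name fails this check, as does an empty file.
looks_like_zip() {
  local file="$1" magic
  [ -s "$file" ] || return 1
  magic="$(head -c 4 "$file" | od -An -tx1 | tr -d ' \n')"
  [ "$magic" = "504b0304" ]
}

# Download the release and stop on an HTTP error or a non-ZIP body.
# -f makes curl exit non-zero on HTTP >= 400 instead of saving the error page.
fetch_release() {
  local version="$1" out="dependency-check-$1-release.zip"
  if ! curl -fsSL -o "$out" "$(release_url "$version")"; then
    echo "download failed for ODC $version (HTTP error or network failure)" >&2
    rm -f "$out"
    return 1
  fi
  if ! looks_like_zip "$out"; then
    echo "$out is not a ZIP archive; refusing to unpack it" >&2
    rm -f "$out"
    return 1
  fi
  echo "$out"
}

# Usage (performs a network download): fetch_release 6.0.2
```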

ojasp commented 4 years ago

@jeremylong, any timeline for when we can upgrade our task with this fix? All of our Dependency checker tasks are failing with a 403 because of this.

ejohn20 commented 4 years ago

Working on it. Azure went down yesterday, which made it difficult to build / test. Should be today sometime.

aspoddar commented 4 years ago

Even after adding the lines for DependencyCheck v6.0.2, still getting the 403, forbidden error.

ejohn20 commented 4 years ago

I'm going to need the full build task output to troubleshoot this. Guessing your version has not updated to the latest build task version yet. It should look like this:

Starting: Dependency Check
==============================================================================
Task         : OWASP Dependency Check
Description  : Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies.
Version      : 5.6.1
Author       : Dependency Check
Help         : [More Information](https://jeremylong.github.io/DependencyCheck/index.html)
==============================================================================
Starting Dependency Check...
Setting report directory to D:\a\1\TestResults\dependency-check
Creating report directory at D:\a\1\TestResults\dependency-check

    Directory: D:\a\1\TestResults

Mode                LastWriteTime         Length Name                                                                  
----                -------------         ------ ----                                                                  
d-----        9/29/2020   4:14 PM                dependency-check                                                      
Downloading Dependency Check v6.0.2 installer...
Dependency Check installer set to D:\a\_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\5.6.1\dependency-check\bin\dependency-check.bat
Invoking Dependency Check...
Path: D:\a\_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\5.6.1\dependency-check\bin\dependency-check.bat
Arguments: --project "WebGoat .NET" --scan "D:\a\1\s\**\packages.config" --out "D:\a\1\TestResults\dependency-check" --format HTML --format JSON

ojasp commented 4 years ago

> Working on it. Azure went down yesterday, which made it difficult to build / test. Should be today sometime.

Works now. Thanks for the quick turnaround.

aspoddar commented 4 years ago

==============================================================================
Task         : OWASP Dependency Check
Description  : Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies.
Version      : 5.6.1
Author       : Dependency Check
Help         : More Information

Today, i.e. after the latest version 5.6.1, I'm getting:

[ERROR] Error generating the report for RFPM-V2.0-UI-Dependency-Check
2020-09-30T04:54:10.5266725Z Dependency Check completed with exit code -12.

Please suggest.