etnetera / owasp-dependency-check

MIT License

Check for newer versions of dependency-check binary files available? #14

Open cluick opened 1 year ago

cluick commented 1 year ago

How does the caching of the dependency-check binary files work? Does this module always check for new versions of the binary files? If not, I would suggest adding an option which enables updates of the binary files. Otherwise this needs to be performed manually based on the cached binary files and the redirect from https://github.com/jeremylong/DependencyCheck/releases/latest. I use this module in CI pipelines and I'm caching the contents of the `.dependency-check-bin` directory so that not every job needs to download the files again. But sometimes I have problems, e.g. when using newer Node.js versions, which require updating the cached binary files.

centi commented 1 year ago

Hi. There already is a CLI parameter, which allows you to force a new install even if there already is a binary downloaded.

--force-install - see: https://github.com/etnetera/owasp-dependency-check/blob/main/index.js#L10

cluick commented 1 year ago

> Hi. There already is a CLI parameter, which allows you to force a new install even if there already is a binary downloaded.
>
> --force-install - see: https://github.com/etnetera/owasp-dependency-check/blob/main/index.js#L10

Thanks for your answer! Yes, I know. But I don't want to download the binaries every time the dependency check is invoked. Only a newer version should be downloaded, to reduce traffic caused by jobs.
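One way to implement the "download only when a newer version exists" check discussed in this thread, as an added example that is not code from the owasp-dependency-check module. It assumes the `releases/latest` redirect points at a `/releases/tag/vX.Y.Z` path and that the cached version is recorded next to the cached binary; all function names and the sample tag are hypothetical.

```javascript
const LATEST_URL = "https://github.com/jeremylong/DependencyCheck/releases/latest";
// Constructed sample of a Location header; the version number is made up.
const SAMPLE_LOCATION = "https://github.com/jeremylong/DependencyCheck/releases/tag/v10.0.2";

// Extract "X.Y.Z" from the redirect target. Redirects that leave github.com or
// the expected repository are rejected instead of being trusted for a download.
function tagFromRedirect(location) {
  const url = new URL(location, LATEST_URL);
  if (url.protocol !== "https:" || url.hostname !== "github.com") {
    throw new Error(`unexpected redirect target: ${url.href}`);
  }
  const m = /^\/jeremylong\/DependencyCheck\/releases\/tag\/v?(\d+(?:\.\d+)*)$/.exec(url.pathname);
  if (!m) throw new Error(`no release tag in: ${url.pathname}`);
  return m[1];
}

// Numeric, segment-wise comparison: a plain string compare would rank 9.2.0 above 10.0.0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// cachedVersion: version recorded for the cached binary, or null when the
// cache is empty (how it is recorded is an assumption of this example).
function needsUpdate(cachedVersion, location) {
  if (!cachedVersion) return true;
  return compareVersions(cachedVersion, tagFromRedirect(location)) < 0;
}

// Network step: a single HEAD request with the redirect left unfollowed,
// so a CI job spends one small request instead of a full download.
async function latestRedirect() {
  const res = await fetch(LATEST_URL, { method: "HEAD", redirect: "manual" });
  const location = res.headers.get("location");
  if (!location) throw new Error(`no redirect, HTTP ${res.status}`);
  return location;
}
```

A CI job would call `needsUpdate(cached, await latestRedirect())` and pass `--force-install` only when it returns `true`.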