jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

authentication credentials for hostedSuppressionsUrl #5387

Open robocrock opened 1 year ago

robocrock commented 1 year ago

Hi!

We are running the dependency checker as a Maven plugin in a CI/CD runner without internet access. The runner does, however, have access to a local service which is able to mirror the suppression URL. The service requires authentication in order to access the URL.

It seems that when specifying the hostedSuppressionsUrl setting, the plugin is trying to access the local service, but the suppressionFileUser and suppressionFilePassword are not used when accessing hostedSuppressionsUrl?

Is it possible to specify a username and password/access token in any way for the hostedSuppressionsUrl, or is it something that would be considered useful in an upcoming update?

aikebah commented 1 year ago

As we already support a similar case for retireJS mirrors with the retireJsUser/Password parameters, I think this is a valid enhancement request.

robocrock commented 1 year ago

If this is accepted, then maybe if it is not too much more work, the same could be configured for the knownExploitedUrl also? We currently have this disabled for the same reason, that username and password/access-token cannot be specified.

YaroslavYakymenko commented 1 year ago

We created an artifactory mirror for the CISA website but authentication for knownExploitedUrl is not supported.
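For readers setting up the same air-gapped layout, here is a dependency-check-maven configuration that points the plugin at an internal mirror for the three feeds discussed in this thread. This is an added example, not configuration from the project or from anyone in the thread; the hostname `mirror.internal.example` and the property names holding the credentials are placeholders. The parameter names (`hostedSuppressionsUrl`, `suppressionFileUser`/`suppressionFilePassword`, `retireJsUrl`, `retireJsUser`/`retireJsPassword`, `knownExploitedUrl`) are the plugin's own. As the thread states, at the time of the issue only the retireJS mirror credentials are actually sent; the suppression-file credentials apply to `suppressionFiles`, not to `hostedSuppressionsUrl`, and `knownExploitedUrl` has no credential parameters at all, which is why an authenticated mirror for those two feeds fails unless the mirror allows anonymous reads or the feed is disabled.

```xml
<!-- Added example: dependency-check-maven pointed at an authenticated internal mirror.
     Hostnames and property names are placeholders; keep secrets out of the POM
     (pass them as -D properties or via settings.xml, never commit them). -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>[PLUGIN_VERSION]</version>
  <configuration>
    <!-- Hosted suppressions: the plugin fetches this URL directly.
         Per the thread, no credential parameters are applied to this request,
         so the mirror path must be readable without authentication. -->
    <hostedSuppressionsUrl>https://mirror.internal.example/dependency-check/suppressions.xml</hostedSuppressionsUrl>

    <!-- Project-level suppression file served from the same mirror.
         suppressionFileUser/Password DO apply here (HTTP basic auth). -->
    <suppressionFiles>
      <suppressionFile>https://mirror.internal.example/dependency-check/project-suppressions.xml</suppressionFile>
    </suppressionFiles>
    <suppressionFileUser>${dc.mirror.user}</suppressionFileUser>
    <suppressionFilePassword>${dc.mirror.password}</suppressionFilePassword>

    <!-- retireJS mirror: credentials are supported for this feed. -->
    <retireJsUrl>https://mirror.internal.example/retirejs/jsrepository.json</retireJsUrl>
    <retireJsUser>${dc.mirror.user}</retireJsUser>
    <retireJsPassword>${dc.mirror.password}</retireJsPassword>

    <!-- CISA Known Exploited Vulnerabilities feed: no credential parameters exist,
         so either expose it anonymously on the mirror or disable the analyzer. -->
    <knownExploitedUrl>https://mirror.internal.example/cisa/known_exploited_vulnerabilities.json</knownExploitedUrl>
    <!-- <knownExploitedEnabled>false</knownExploitedEnabled> -->
  </configuration>
</plugin>
```

Invoke with `mvn -Ddc.mirror.user=... -Ddc.mirror.password=... org.owasp:dependency-check-maven:check`. A quick way to confirm which feeds the runner can actually reach is to watch the plugin's download log lines during the run: a 401 or 403 on the hosted suppressions or KEV URL, with the retireJS download succeeding, reproduces the gap this issue describes.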