Hi,
I'm using Dependency-Check version 8.2.0 via a Jenkinsfile, with the setup below as one of the stages, but every time I look, the report is generated with zero vulnerabilities.
After the SCM checkout, I expected it to consider an environment.yml file, which contains the dependencies for the Python application. But I am sure it's not getting scanned. So I added --enableExperimental to cover this from a Python analyzer standpoint.
    stage('OWASP Scan') {
        steps {
            dependencyCheck additionalArguments: ''' -o './' -s './' -f 'ALL' --enableExperimental --prettyPrint''', odcInstallation: 'dependency-checker'
            dependencyCheckPublisher pattern: 'dependency-check-report.xml'
        }
    }
Any help in this regard would be much appreciated.