jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
6.46k stars 1.28k forks

Publication & version output #7151

Open Chelseasweeney07 opened 1 week ago

Chelseasweeney07 commented 1 week ago

Hello,

Is there a way with OWASP or OWASP Azure pipeline task to output all packages' publication dates and versions? Not just report out on the ones with vulnerabilities?

jeremylong commented 1 week ago

In the HTML report there is a button to show all of the dependencies scanned:

[image]

Chelseasweeney07 commented 1 week ago

Is there any way to do this within the Excel spreadsheet output? We are needing all open-source packages used in our applications with their published dates and versions.

Thanks,

jeremylong commented 1 week ago

The only way to do this with a CSV report would be to create a copy of the CSV Velocity template from this repo - modify it to your requirements, and then just specify the path to the report template in your dependency-check configuration (e.g. instead of HTML you would just put the path to the custom report template).