What's Changed

• hotfix data folder location #158
• hotfix not dependency check installer #161

What's Changed

• Restore dependency check installer path by @pippolino in #159

Full Changelog: 6.2.0...6.2.1

What's Changed

• Add Azure DevOps pipeline yaml code by @pippolino in #155
• Add support to Node10 and Node16 #91
• Merged changes from #93
• Publishing sarif reports to codeAnalysisLogs #103
• Add NVD API Key as a Task parameter #146
• Mask sensistive parameters on log #146

New Contributors

• @pippolino made their first contribution in #155

Full Changelog: 6.1.3...6.2.0

What's Changed

• Allow for custom JAVA_OPTS Environment Variable by @Saturate in #145

New Contributors

• @Saturate made their first contribution in #145

Full Changelog: 6.1.1...6.1.3

What's Changed

• Support multiple paths for parameter scanPath by @HaGGi13 in #107
• Bump path-parse from 1.0.6 to 1.0.7 in /src/Tasks/dependency-check-build-task by @dependabot in #88
• Bump i from 0.3.6 to 0.3.7 by @dependabot in #89
• Match new CVSS score failure exit code on Dependency-Check v8 or higher by @guidojw in #116
• v6.1 by @ejohn20 in #118

New Contributors

• @HaGGi13 made their first contribution in #107
• @guidojw made their first contribution in #116

Full Changelog: 6.0.4...6.1.1

Minor update with:

• reportFileName parameter for controlling generated report name
• Mac OS agent support
• Dependabot package updates.
• Retry on failed downloads of installer package
• Set the return code to the proper value
• Options for fail on cvss warning
• Additional logging and debugging

Details: #82

Conversion from PowerShell to TypeScript extension for cross-platform build agent support (Windows, Linux)

Hotfix release addresses several issues related to downloading the dependency check installer on the fly. Also includes additional configuration options for supporting on-prem build agents.

• Issue #47: Convert installer download from bintray to github release endpoint for the auto-install on cloud-hosted agents.

• Issue #45: Option to specify a local installer location and override the auto-install download on cloud-hosted agents.

• Issue #42: Option to override the default report output location.

• Issue #49: Option to specify the dependency check version for the auto-install download on cloud-hosted agents.

PR #50

• Issue #22: Updated Dependency Check installer to version 5.3.2

• Issue #27: Modified extension to install the Dependency Check package during execution to reduce the extension's file size. This eliminates the headaches of on-prem folks increasing the default max file size 20MB value.

• Issue #28: The costs associated with hosting the cached data files has become too large to manage this going forward. This updated added two new optional fields (https end points) for consumers to host their own cached data files. If empty, the dependency check scan will simply load the database before running the scan. See the Data Cache for an example of how to build these database files on a nightly basis and host them in your own CloudFront Distribution.

Bug Fixes

• Require TLS1.2 connections to vulnerability db cache files to fixed an error in hardened PowerShell environments.

• Set default report format to HTML instead of html, which threw an error.