fastlane-plugin-dependency_check_ios_analyzer
About dependency_check_ios_analyzer
Fastlane wrapper around the OWASP dependency-check iOS analyzers (Swift Package Manager and CocoaPods).
This analyzer is considered experimental. While it may be useful and provide valid results, more testing must be completed to ensure that the false negative/false positive rates are acceptable.
Parameters
| Key | Description | Default |
|---|---|---|
| skip_spm_analysis | Skip analysis of SPM dependencies | false |
| skip_pods_analysis | Skip analysis of CocoaPods dependencies | false |
| spm_checkouts_path | Path to Swift Packages, if resolved | |
| pod_file_lock_path | Path to the Podfile.lock file, if exists | |
| project_path | Path to the directory that contains an Xcode project, workspace or package. Defaults to the root | |
| project_name | The project's name | DependencyCheck |
| output_directory | The directory in which all reports will be stored | dependency-check |
| output_types | Comma separated list of the output types (e.g. html, xml, csv, json, junit, sarif, all) | sarif |
| cli_version | Overwrite the version of DependencyCheck analyzer | 10.0.3 |
| verbose | The file path to write verbose logging information | |
| fail_on_cvss | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | 11 |
| junit_fail_on_cvss | Specifies the CVSS score that is considered a failure when generating the junit report | 0 |
| keep_binary_on_exit | Keep DependencyCheck binary and data on exit | true |
| suppression | Path to suppression file | |
Requirements
Getting Started
To get started with dependency_check_ios_analyzer, add it to your project by running:

```shell
$ fastlane add_plugin dependency_check_ios_analyzer
```
Usage
```ruby
dependency_check_ios_analyzer(
  project_name: 'SampleProject',
  output_types: 'html, junit',
  fail_on_cvss: 7
)
```
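The `fail_on_cvss` and `junit_fail_on_cvss` parameters are two different thresholds applied to the same findings: the first decides whether the lane fails, the second decides which findings the junit report marks as failed. The Ruby script below is an added illustration of that gating logic, not code from the plugin or from dependency-check. It assumes the dependency-check JSON report layout (`dependencies[].vulnerabilities[]` with scores under `cvssv3.baseScore` or `cvssv2.score`) and uses a constructed sample report with placeholder CVE ids. The comparison is inclusive (a score equal to the threshold counts), which is how the dependency-check CLI documents its own `--failOnCVSS` option; with the default of 11 no score in the 0-10 range can ever trigger a failure.

```ruby
require 'json'

# Constructed sample report in the shape of a dependency-check JSON report
# (assumed layout: dependencies[].vulnerabilities[] with cvssv3.baseScore or
# cvssv2.score). The CVE ids are placeholders, not real identifiers.
SAMPLE_REPORT = <<~JSON
  {
    "dependencies": [
      { "fileName": "SafeLib", "vulnerabilities": [] },
      { "fileName": "ExampleLib", "vulnerabilities": [
          { "name": "CVE-PLACEHOLDER-0001", "cvssv3": { "baseScore": 7.5 } },
          { "name": "CVE-PLACEHOLDER-0002", "cvssv2": { "score": 4.3 } }
      ] }
    ]
  }
JSON

# Highest CVSS score attached to one vulnerability entry (v3 preferred, v2
# used when that is all the feed provided; 0.0 when no score is present).
def max_cvss(vuln)
  scores = [vuln.dig('cvssv3', 'baseScore'), vuln.dig('cvssv2', 'score')]
  scores.compact.map(&:to_f).max || 0.0
end

# Every finding whose score reaches the threshold. The comparison is
# inclusive, like the dependency-check CLI's --failOnCVSS.
def findings_at_or_above(report_json, threshold)
  JSON.parse(report_json)['dependencies'].flat_map do |dep|
    (dep['vulnerabilities'] || []).filter_map do |vuln|
      score = max_cvss(vuln)
      next if score < threshold
      { dependency: dep['fileName'], cve: vuln['name'], score: score }
    end
  end
end

# Mirrors the two thresholds the plugin exposes. Defaults follow the
# parameters table: 11 (never fail the build) and 0 (every finding is a
# junit failure).
def evaluate_report(report_json, fail_on_cvss: 11, junit_fail_on_cvss: 0)
  {
    build_failed: !findings_at_or_above(report_json, fail_on_cvss).empty?,
    junit_failures: findings_at_or_above(report_json, junit_fail_on_cvss)
  }
end

if __FILE__ == $PROGRAM_NAME
  # Same threshold as the usage example above: fail_on_cvss: 7.
  result = evaluate_report(SAMPLE_REPORT, fail_on_cvss: 7)
  puts "build failed: #{result[:build_failed]}"
  result[:junit_failures].each do |f|
    puts "  #{f[:dependency]} #{f[:cve]} (CVSS #{f[:score]})"
  end
end
```

With the sample report, the default thresholds leave the build green while listing both findings in the junit output; setting `fail_on_cvss: 7` fails the build because of the 7.5 finding, and raising `junit_fail_on_cvss` to 5 drops the 4.3 finding from the junit failures.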