fastlane-plugin-dependency_check_ios_analyzer


About dependency_check_ios_analyzer

Fastlane wrapper around the OWASP dependency-check iOS analyzers (Swift Package Manager and CocoaPods).

This analyzer is considered experimental. While it may be useful and provide valid results, more testing must be completed to ensure that the false negative/false positive rates are acceptable.

Parameters

| Key | Description | Default |
|-----|-------------|---------|
| skip_spm_analysis | Skip analysis of SPM dependencies | false |
| skip_pods_analysis | Skip analysis of CocoaPods dependencies | false |
| spm_checkouts_path | Path to Swift Packages, if resolved | |
| pod_file_lock_path | Path to the Podfile.lock file, if exists | |
| project_path | Path to the directory that contains an Xcode project, workspace or package. Defaults to the root | |
| project_name | The project's name | DependencyCheck |
| output_directory | The directory in which all reports will be stored | dependency-check |
| output_types | Comma separated list of the output types (e.g. html, xml, csv, json, junit, sarif, all) | sarif |
| cli_version | Overwrite the version of DependencyCheck analyzer | 10.0.3 |
| verbose | The file path to write verbose logging information | |
| fail_on_cvss | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | 11 |
| junit_fail_on_cvss | Specifies the CVSS score that is considered a failure when generating the junit report | 0 |
| keep_binary_on_exit | Keep DependencyCheck binary and data on exit | true |
| suppression | Path to suppression file | |

Requirements

Getting Started

To get started with dependency_check_ios_analyzer, add it to your project by running:

$ fastlane add_plugin dependency_check_ios_analyzer

Usage

dependency_check_ios_analyzer(
  project_name: 'SampleProject',
  output_types: 'html, junit',
  fail_on_cvss: 7
)
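The following is an added example, not code from this plugin: it builds the option hash for the action from what is present on disk (skipping the CocoaPods or SPM analyzer when there is no Podfile.lock or no resolved checkouts), and then applies the same fail_on_cvss policy to a JSON report so the threshold can be checked outside the build. Assumptions: the SPM checkouts path `SourcePackages/checkouts` under the project root is a placeholder to adjust to your build setup, the report shape (`dependencies[].vulnerabilities[]` with `cvssv3.baseScore` / `cvssv2.score`) follows the dependency-check JSON report as far as the author of this example knows it, and the sample report with its `CVE-0000-000x` identifiers is constructed, not real output.

```ruby
# Added example, not part of fastlane-plugin-dependency_check_ios_analyzer.
require 'json'
require 'fileutils'
require 'tmpdir'

# Build the option hash for dependency_check_ios_analyzer from the project layout.
# Assumption: resolved Swift packages are under <root>/SourcePackages/checkouts;
# change this to wherever your build resolves them.
def dependency_check_options(project_root, fail_on_cvss: 7)
  podfile_lock  = File.join(project_root, 'Podfile.lock')
  spm_checkouts = File.join(project_root, 'SourcePackages', 'checkouts')

  opts = {
    project_path: project_root,
    project_name: File.basename(project_root),
    output_types: 'html, json, junit',
    output_directory: File.join(project_root, 'dependency-check'),
    fail_on_cvss: fail_on_cvss,       # CVSS is 0-10; the default of 11 never fails
    junit_fail_on_cvss: fail_on_cvss, # mark the same findings as failures in junit
    keep_binary_on_exit: true         # keep the CLI and its data between runs
  }
  if File.exist?(podfile_lock)
    opts[:pod_file_lock_path] = podfile_lock
  else
    opts[:skip_pods_analysis] = true  # no CocoaPods lockfile, nothing to analyze
  end
  if Dir.exist?(spm_checkouts)
    opts[:spm_checkouts_path] = spm_checkouts
  else
    opts[:skip_spm_analysis] = true   # no resolved packages, nothing to analyze
  end
  opts
end

# Score of one vulnerability entry, preferring CVSS v3 over v2.
# Assumed report shape: cvssv3.baseScore and/or cvssv2.score per vulnerability.
def vuln_score(vuln)
  v3 = vuln.dig('cvssv3', 'baseScore')
  v2 = vuln.dig('cvssv2', 'score')
  (v3 || v2 || 0).to_f
end

# Findings at or above the threshold as [fileName, id, score], highest first.
# This mirrors fail_on_cvss: anything returned here would fail the build.
def findings_above(report_json, threshold)
  report = JSON.parse(report_json)
  Array(report['dependencies']).flat_map do |dep|
    Array(dep['vulnerabilities']).map { |v| [dep['fileName'], v['name'], vuln_score(v)] }
  end.select { |(_, _, score)| score >= threshold }
     .sort_by { |(_, _, score)| -score }
end

# Constructed sample report (placeholder package names and CVE ids, not real data).
SAMPLE_REPORT = JSON.generate(
  'dependencies' => [
    { 'fileName' => 'ExamplePod-1.0.0', 'vulnerabilities' => [
      { 'name' => 'CVE-0000-0001', 'cvssv3' => { 'baseScore' => 9.8 } },
      { 'name' => 'CVE-0000-0002', 'cvssv2' => { 'score' => 4.3 } }
    ] },
    { 'fileName' => 'ExamplePackage', 'vulnerabilities' => [] }
  ]
)

if __FILE__ == $PROGRAM_NAME
  # In a Fastfile the hash is passed straight to the action:
  #   dependency_check_ios_analyzer(dependency_check_options(Dir.pwd))
  Dir.mktmpdir do |root|
    FileUtils.touch(File.join(root, 'Podfile.lock'))
    p dependency_check_options(root)
  end
  findings_above(SAMPLE_REPORT, 7).each do |file, id, score|
    puts "#{file}: #{id} (CVSS #{score})"
  end
end
```

With the threshold at 7 only the 9.8 finding is reported; raising `fail_on_cvss` back to the default of 11 reports nothing, which is why the default never fails a build.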

How to read the reports