fastlane-plugin-dependency_check_ios_analyzer

fastlane-plugin-dependency_check_ios_analyzer

About dependency_check_ios_analyzer

Fastlane wrapper around the OWASP dependency-check iOS analyzers (Swift Package Manager and CocoaPods).

This analyzer is considered experimental. While it may be useful and provide valid results more testing must be completed to ensure that the false negative/false positive rates are acceptable.

Parameters

Key	Description	Default
skip_spm_analysis	Skip analysis of SPM dependencies	false
skip_pods_analysis	Skip analysis of CocoaPods dependencies	false
spm_checkouts_path	Path to Swift Packages, if resolved
pod_file_lock_path	Path to the Podfile.lock file, if exists
project_path	Path to the directory that contains an Xcode project, workspace or package. Defaults to the root
project_name	The project's name	DependencyCheck
output_directory	The directory in which all reports will be stored	dependency-check
output_types	Comma separated list of the output types (e.g. html, xml, csv, json, junit, sarif, all)	sarif
cli_version	Overwrite the version of DependencyCheck analyzer	10.0.3
verbose	The file path to write verbose logging information
fail_on_cvss	Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail	11
junit_fail_on_cvss	Specifies the CVSS score that is considered a failure when generating the junit report	0
keep_binary_on_exit	Keep DependencyCheck binary and data on exit	true
suppression	Path to suppression file

Requirements

• Xcode
• Xcode Command Line Tools

Getting Started

To get started with dependency_check_ios_analyzer, add it to your project by running:

$ fastlane add_plugin dependency_check_ios_analyzer

Usage

dependency_check_ios_analyzer(
  project_name: 'SampleProject',
  output_types: 'html, junit',
  fail_on_cvss: 7
)

How to read the reports

• Docs