fastlane-plugin-dependency_check_ios_analyzer
Fastlane wrapper around the OWASP dependency-check iOS analyzers (Swift Package Manager and CocoaPods).

This analyzer is considered experimental. While it may be useful and provide valid results, more testing must be completed to ensure that the false negative/false positive rates are acceptable.
| Key | Description | Default |
|---|---|---|
| skip_spm_analysis | Skip analysis of SPM dependencies | false |
| skip_pods_analysis | Skip analysis of CocoaPods dependencies | false |
| spm_checkouts_path | Path to Swift Packages, if resolved | |
| pod_file_lock_path | Path to the Podfile.lock file, if it exists | |
| project_path | Path to the directory that contains an Xcode project, workspace or package. Defaults to the root | |
| project_name | The project's name | DependencyCheck |
| output_directory | The directory in which all reports will be stored | dependency-check |
| output_types | Comma-separated list of the output types (e.g. html, xml, csv, json, junit, sarif, all) | sarif |
| cli_version | Overwrite the version of the DependencyCheck analyzer | 10.0.3 |
| verbose | The file path to write verbose logging information | |
| fail_on_cvss | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since CVSS scores are 0-10, by default the build will never fail | 11 |
| junit_fail_on_cvss | Specifies the CVSS score that is considered a failure when generating the junit report | 0 |
| keep_binary_on_exit | Keep the DependencyCheck binary and data on exit | true |
| suppression | Path to suppression file | |
To get started with dependency_check_ios_analyzer, add it to your project by running:

```shell
$ fastlane add_plugin dependency_check_ios_analyzer
```

Then call the action from your Fastfile, for example:

```ruby
dependency_check_ios_analyzer(
  project_name: 'SampleProject',
  output_types: 'html, junit',
  fail_on_cvss: 7
)
```
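The `fail_on_cvss` gate above is applied inside the action, but a CI job often needs the same decision after the fact, e.g. to annotate a pull request. The following is an added example, not code from the plugin or from OWASP dependency-check: it reads the JSON report the action writes when `output_types` includes `json` and reproduces the threshold rule (scores are 0-10, so the default of 11 never fails). It assumes the report follows the dependency-check JSON layout (`dependencies[].vulnerabilities[].cvssv3.baseScore` / `cvssv2.score`); the embedded report and CVE ids are constructed sample data.

```ruby
# Added example (not part of the plugin): evaluate a dependency-check
# JSON report against a fail_on_cvss-style threshold.
require 'json'

# Mirrors the plugin's fail_on_cvss default: CVSS scores are 0-10, so a
# threshold of 11 can never be reached and the build never fails.
DEFAULT_FAIL_ON_CVSS = 11

# Highest CVSS score recorded for one vulnerability entry; prefers CVSSv3
# and falls back to CVSSv2 (assumed report layout, see lead-in).
def vuln_score(vuln)
  v3 = vuln.dig('cvssv3', 'baseScore')
  v2 = vuln.dig('cvssv2', 'score')
  (v3 || v2 || 0).to_f
end

# Returns [dependency_file, vulnerability_name, score] for every finding
# whose score is at or above the threshold.
def findings_at_or_above(report, threshold)
  report.fetch('dependencies', []).flat_map do |dep|
    dep.fetch('vulnerabilities', []).filter_map do |vuln|
      score = vuln_score(vuln)
      [dep['fileName'], vuln['name'], score] if score >= threshold
    end
  end
end

# True when at least one finding crosses the threshold (CI should fail).
def build_fails?(report, threshold = DEFAULT_FAIL_ON_CVSS)
  !findings_at_or_above(report, threshold).empty?
end

# Convenience for a real run: path to the json report written into
# output_directory by the action.
def gate_report_file(path, threshold = DEFAULT_FAIL_ON_CVSS)
  findings_at_or_above(JSON.parse(File.read(path)), threshold)
end

# Constructed sample report; the CVE ids are placeholders, not real ones.
SAMPLE_REPORT = JSON.parse(<<~JSON)
  {"dependencies": [
    {"fileName": "Alamofire", "vulnerabilities": []},
    {"fileName": "Example.framework", "vulnerabilities": [
      {"name": "CVE-XXXX-0001", "cvssv3": {"baseScore": 9.8}, "cvssv2": {"score": 7.5}},
      {"name": "CVE-XXXX-0002", "cvssv2": {"score": 4.3}}
    ]}
  ]}
JSON
```

With the sample data, `build_fails?(SAMPLE_REPORT, 7)` is true (the 9.8 finding) while `build_fails?(SAMPLE_REPORT)` with the default threshold of 11 is false.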
We found that fastlane-plugin-dependency_check_ios_analyzer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.