fastlane-plugin-dependency_check_ios_analyzer 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +12 -7
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb +11 -4
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/spm_helper.rb +11 -2
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/version.rb +1 -1
- metadata +15 -1
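--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bf7e84c41d0957bf58d0109b283977bcb4b439541e916dd2b6835ec45e378d1b
+data.tar.gz: 5a8b9429290bbeaa42422708adbd119c7968b3d9d0c63f0c29eda52e7c860ff6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7eca0a1937dc598c2600d7e8d48cd438dffb2929842d904bc400bde7515c8128c6c4c47a4262ce932429c8828bb8609fe675d8075f4371fd5c196dad1c4ef16f
+data.tar.gz: f535298d2316688ce33e7557efe3565c20210c867619443b7090f0123cdd487bc290e021e8e389f17684471752dad32b2292f4e94556cf706f7b6d898d9492b0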
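--- a/data/README.md
+++ b/data/README.md
@@ -10,17 +10,18 @@ This analyzer is considered experimental. While it may be useful and provide val
 
 ## Parameters
 
-
+| **Key** | **Description** | **Default** |
 | ------|-------------- | --------- |
-| `skip_spm_analysis` | Skip analysis of SPM dependencies | `false` |
-| `skip_pods_analysis` | Skip analysis of
+| `skip_spm_analysis` | Skip analysis of `SPM` dependencies | `false` |
+| `skip_pods_analysis` | Skip analysis of `CocoaPods` dependencies | `false` |
 | `spm_checkouts_path` | Path to Swift Packages, if they are resolved | |
-| `pod_file_lock_path` | Path to the `Podfile.lock` file | |
-| `
+| `pod_file_lock_path` | Path to the `Podfile.lock` file. **Not implemented** | |
+| `project_path` | Path to the directory that contains an Xcode project, workspace or package. Defaults to the `root` | |
+| `project_name` | The project's name | `DependencyCheck` |
 | `output_directory` | The directory in which all reports will be stored | dependency-check |
 | `output_types` | Comma separated list of the output types (e.g. `html`, `xml`, `csv`, `json`, `junit`, `sarif`, `all`) | `sarif` |
-| `cli_version` | Specify the required version of DependencyCheck analyzer.
-| `rsa_key` | Specify the RSA_KEY of DependencyCheck analyzer download.
+| `cli_version` | Specify the required version of DependencyCheck analyzer. **Not recommended** | |
+| `rsa_key` | Specify the RSA_KEY of DependencyCheck analyzer download. **Not recommended** | |
 | `verbose` | The file path to write verbose logging information | |
 | `fail_on_cvss` | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | |
 | `junit_fail_on_cvss` | Specifies the CVSS score that is considered a failure when generating the junit report | |
@@ -47,3 +48,7 @@ vulnerabilities_count = dependency_check_ios_analyzer(
 fail_on_cvss: 7
 )
 ```
+
+## How to read the reports
+
+* [Docs](https://jeremylong.github.io/DependencyCheck/general/thereport.html)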
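--- a/data/lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb
+++ b/data/lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb
@@ -11,7 +11,7 @@ module Fastlane
 params[:output_types] = Helper::AnalyzerHelper.parse_output_types(params[:output_types])
 bin_path = Helper::AnalyzerHelper.install(params)
 @success = Helper::SpmHelper.analize(bin_path: bin_path, params: params)
-@vulnerabilities = Helper::AnalyzerHelper.parse_report("#{params[:output_directory]}/SPM/*.sarif")
+@vulnerabilities = Helper::AnalyzerHelper.parse_report("#{params[:output_directory]}/SPM/report/*.sarif")
 on_exit(params)
 end
 
@@ -37,9 +37,9 @@ module Fastlane
 def self.example_code
 [
 vulnerabilities_count = dependency_check_ios_analyzer(
-project_name: '
+project_name: 'SampleProject',
 skip_pods_analysis: true,
-output_types: '
+output_types: 'html, junit',
 fail_on_cvss: 7
 )
 ]
@@ -61,7 +61,7 @@ module Fastlane
 ),
 FastlaneCore::ConfigItem.new(
 key: :skip_pods_analysis,
-description: 'Skip analysis of
+description: 'Skip analysis of CocoaPods dependencies',
 optional: true,
 default_value: false,
 is_string: false,
@@ -81,6 +81,13 @@ module Fastlane
 is_string: true,
 type: String
 ),
+FastlaneCore::ConfigItem.new(
+key: :project_path,
+description: 'Path to the directory that contains an Xcode project, workspace or package. Defaults to root',
+optional: true,
+is_string: true,
+type: String
+),
 FastlaneCore::ConfigItem.new(
 key: :project_name,
 description: "The project's name",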
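Review bot: The new `project_path` ConfigItem in the `@@ -81,6 +81,13 @@` hunk accepts any string without a `verify_block`, and the same value is later interpolated into a shell `cd` in SpmHelper, so a typo or a path that does not exist only surfaces as an xcodebuild failure in a different helper. Validating at the option boundary keeps the error next to the user's input: `verify_block: proc { |value| UI.user_error!("project_path is not a directory: #{value}") unless File.directory?(File.expand_path(value)) }`. The description says it "Defaults to root" but no `default_value` is declared; presumably a nil value is what the helper treats as "no cd", and the description could say so explicitly rather than implying a default exists. The enclosing options array starts and ends outside the hunk.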
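--- a/data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/spm_helper.rb
+++ b/data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/spm_helper.rb
@@ -29,7 +29,7 @@ module Fastlane
 " --disableBundleAudit" \
 " --prettyPrint" \
 " --project #{params[:project_name]}" \
-" --out #{params[:output_directory]}/SPM" \
+" --out #{params[:output_directory]}/SPM/report" \
 " --failOnCVSS #{params[:fail_on_cvss]}" \
 " --scan #{checkouts_path}" \
 "#{params[:output_types]}" \
@@ -48,7 +48,16 @@ module Fastlane
 return params[:spm_checkouts_path] if params[:spm_checkouts_path]
 
 checkouts_path = "#{params[:output_directory]}/SPM/SourcePackages"
-
+checkouts_path = "#{Dir.pwd}/#{checkouts_path}" unless params[:output_directory].include?(Dir.pwd)
+
+if params[:project_path]
+Actions.sh("cd #{params[:project_path]} && " \
+"set -o pipefail && " \
+"xcodebuild -resolvePackageDependencies -clonedSourcePackagesDirPath #{checkouts_path}")
+else
+Actions.sh("set -o pipefail && " \
+"xcodebuild -resolvePackageDependencies -clonedSourcePackagesDirPath #{checkouts_path}")
+end
 
 UI.message("🎉 SPM checkouts path: #{checkouts_path}")
 checkouts_path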
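Review bot: In the `@@ -48,7 +48,16 @@` hunk, `params[:project_path]` and `checkouts_path` are interpolated unescaped into the command string handed to `Actions.sh`, so a directory name containing a space or a shell metacharacter (not unusual for Xcode project folders) breaks the `cd` or is interpreted by the shell instead of being passed to xcodebuild; both values should go through `String#shellescape` (standard library `shellwords`) before interpolation. The preceding new line's `params[:output_directory].include?(Dir.pwd)` is a substring test rather than an absolute-path check: an absolute output directory outside the current directory (say `/tmp/reports`) fails it and gets `Dir.pwd` prepended, yielding a path that does not exist, whereas `File.expand_path` normalises relative and absolute inputs alike. The two `Actions.sh` branches also repeat the xcodebuild invocation and collapse into one command with an optional `cd` prefix. The enclosing method starts before the hunk.
```ruby
checkouts_path = File.expand_path("#{params[:output_directory]}/SPM/SourcePackages")

resolve_cmd = "set -o pipefail && " \
              "xcodebuild -resolvePackageDependencies -clonedSourcePackagesDirPath #{checkouts_path.shellescape}"
resolve_cmd = "cd #{params[:project_path].shellescape} && #{resolve_cmd}" if params[:project_path]
Actions.sh(resolve_cmd)
# … unchanged: UI.message and the trailing checkouts_path return …
```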
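--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fastlane-plugin-dependency_check_ios_analyzer
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Alexey Alter-Pesotskiy
@@ -108,6 +108,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: fasterer
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.8.3
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.8.3
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement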